Fedora alert FEDORA-2026-0d673fa503 (python-pillow)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 42 Update: python-pillow-11.1.0-3.fc42 | |
| Date: | Tue, 03 Mar 2026 01:28:25 +0000 | |
| Message-ID: | <20260303012825.EDB9F79711@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0d673fa503 2026-03-03 01:28:02.255781+00:00 -------------------------------------------------------------------------------- Name : python-pillow Product : Fedora 42 Version : 11.1.0 Release : 3.fc42 URL : http://python-pillow.github.io/ Summary : Python image processing library Description : Python image processing library, fork of the Python Imaging Library (PIL) This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation). -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2026-25990. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2026 Sandro Mani <manisandro@gmail.com> - 11.1.0-3 - Backport fix for CVE-2026-25990 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2439192 - CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439192 [ 2 ] Bug #2439196 - CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439196 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0d673fa503' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new