On 02.06.2014 23:07, Toshio Kuratomi wrote:
On Mon, Jun 02, 2014 at 10:39:56PM +0200, Nicolas Chauvet wrote:
python-pillow-2.2.1-4.fc20.src.rpm
This one can be fixed by upgrading to 2.3.0 (or greater. 2.4.0 is current). 2.4.0 is what's in rawhide. Not sure if that's safe to push back to f20 and earlier. (Although I see that there's an insecure use of tempfile CVE that was ficed in 2.3.1 so maybe it makes sense to update even if there is API breakage.)
@smani: Do you have more information here?
-Toshio
The API has never been broken as far as I can tell. I guess we could update to 2.4.0 (although given the number of packages which depend on pillow I wasn't planning to do so in a stable release), or otherwise we could backport [1]. But, more generally, why introduce such a change in a stable release? Can't lcms just be removed for F21+?
Sandro