Fwd: Ophaning lcms(1)
Sandro Mani
manisandro at gmail.com
Tue Jun 3 09:32:16 UTC 2014
On 02.06.2014 23:07, Toshio Kuratomi wrote:
> On Mon, Jun 02, 2014 at 10:39:56PM +0200, Nicolas Chauvet wrote:
>> python-pillow-2.2.1-4.fc20.src.rpm
>>
> This one can be fixed by upgrading to 2.3.0 (or greater. 2.4.0 is current).
> 2.4.0 is what's in rawhide. Not sure if that's safe to push back to f20 and
> earlier. (Although I see that there's an insecure use of tempfile CVE that
> was ficed in 2.3.1 so maybe it makes sense to update even if there is API
> breakage.)
>
> @smani: Do you have more information here?
>
> -Toshio
The API has never been broken as far as I can tell. I guess we could
update to 2.4.0 (although given the number of packages which depend on
pillow I wasn't planning to do so in a stable release), or otherwise we
could backport [1]. But, more generally, why introduce such a change in
a stable release? Can't lcms just be removed for F21+?
Sandro
[1] https://github.com/python-pillow/Pillow/pull/380
More information about the devel
mailing list