GNU logs - #47259, boring messages


Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#47259: python-pillow-simd package vulnerable to at least CVE-2021-25293
Resent-From: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 19 Mar 2021 10:38:02 +0000
Resent-Message-ID: <handler.47259.B.161615024327746 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 47259
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 47259 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.161615024327746
          (code B ref -1); Fri, 19 Mar 2021 10:38:02 +0000
Received: (at submit) by debbugs.gnu.org; 19 Mar 2021 10:37:23 +0000
Received: from localhost ([127.0.0.1]:48901 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lNCVP-0007DS-4h
	for submit <at> debbugs.gnu.org; Fri, 19 Mar 2021 06:37:23 -0400
Received: from lists.gnu.org ([209.51.188.17]:45088)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@HIDDEN>) id 1lNCVN-0007DL-UZ
 for submit <at> debbugs.gnu.org; Fri, 19 Mar 2021 06:37:22 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:52970)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@HIDDEN>)
 id 1lNCVN-0007pC-Mz
 for bug-guix@HIDDEN; Fri, 19 Mar 2021 06:37:21 -0400
Received: from mail.zaclys.net ([178.33.93.72]:59077)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@HIDDEN>)
 id 1lNCVG-0006LM-TF
 for bug-guix@HIDDEN; Fri, 19 Mar 2021 06:37:21 -0400
Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net
 [78.195.19.20] (may be forged)) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12JAb9fj024589
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <bug-guix@HIDDEN>; Fri, 19 Mar 2021 11:37:10 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12JAb9fj024589
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616150230;
 bh=LfPwn2aN4UDHDp52e7IP59SKaHCnPClsLQqbHhqII7I=;
 h=Subject:From:To:Date:From;
 b=ijf2NTjycZ8zvX45Ep0QpdhlORVcJo42KuoMnXeSjqaWjbutGt2FhI3nAkXm0hX5K
 p5vX2kRAuOZUKkMByP27Ed3gxdSEyrnkITF9W9TtB4V/jR4THflQeT8FluJNeLBT3X
 DdMWdtsC6x7xF5EuPpO4EcrZKSxnQgM/co2eK4sI=
Message-ID: <932873dcc65d8416e419c95caf9ebb0536f2ae98.camel@HIDDEN>
From: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Date: Fri, 19 Mar 2021 11:37:09 +0100
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-DAPQS9E+YIbvLipdBdw8"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@HIDDEN;
 helo=mail.zaclys.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


--=-DAPQS9E+YIbvLipdBdw8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello!

pillow-simd is a fork of pillow (
https://github.com/uploadcare/pillow-simd), it's currently still at
version 7.x and it does not seem like it backports security patches
from pillow.

$ ./pre-inst-env guix refresh -l python-pillow-simd
No dependents other than itself: python-pillow-simd@HIDDEN

Do we remove it? Do we want to commit to backporting/applying all fixes
from python-pillow back in python-pillow-simd ourselves (I don't)?

L=C3=A9o

--=-DAPQS9E+YIbvLipdBdw8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBUftUACgkQRaix6GvN
EKYLoA/+KW+i8wvals9itmcRbJxnmkICe6qOqy8lYxm2i48jn6soZvYquQBa0IoV
WKMKVpsuKG6iqWxDuBeufDWMnSCO95z9mQK5m/+dMsWW6hpu7FYNnfvTxJHZjZLG
obYktCTXTde+XKbnzgj0F1vXpPVxKf1WY0ZHaMF/rSMLJ+ZS4gaZOzLr6Wr9ZPCU
vBr3fIA+uBzUy7BOQNR3Ac87TEbB/JVYWMyB4hqmR61iBRPwMR5BJKxfbFXXAWmD
esxDWL044034br6zPo0beW+FCfvH9JzVHudgPF+a2UV5uYmRr1FQbbaDje0+e09B
WGBpYJh6cYSlh5HW8iIJ9qYNpXQG8+KNthQDKWrBmX57/Bt9oltIZ583Fz5d6NPU
4OQEZ9n+Dhyp15oYppXMb101BnUriiH0nCoeyEsJCMZA8NH2CTRazT3iKGDzq+yS
jdsNlMAEMnlXgf4B/nC74vyfNLhgwPs53waGZZAGBLomye/H94zx3xHrRa31EWwK
cTeg/x3cbVllHN21CuBNAt6PKEseip2cPKED4SSWqoeNEmh+Jdn6kitSa2em/07R
oAiQ7MPBGvTU/LcTyPM8C7fWY8vvPySdNRpLp31n9j0CWReK8Yc3fo4Aibi6o3eZ
ImLG+afXPD8O/apBEj5U3LCGAz7NHvI/hDa6na/heqG8C2BUf9w=
=NKXC
-----END PGP SIGNATURE-----

--=-DAPQS9E+YIbvLipdBdw8--





Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Subject: bug#47259: Acknowledgement (python-pillow-simd package vulnerable
 to at least CVE-2021-25293)
Message-ID: <handler.47259.B.161615024327746.ack <at> debbugs.gnu.org>
References: <932873dcc65d8416e419c95caf9ebb0536f2ae98.camel@HIDDEN>
X-Gnu-PR-Message: ack 47259
X-Gnu-PR-Package: guix
Reply-To: 47259 <at> debbugs.gnu.org
Date: Fri, 19 Mar 2021 10:38:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 47259 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
47259: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D47259
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message received at control <at> debbugs.gnu.org:


Received: (at control) by debbugs.gnu.org; 19 Mar 2021 10:39:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 19 06:39:17 2021
Received: from localhost ([127.0.0.1]:48906 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lNCXF-0007Gy-GO
	for submit <at> debbugs.gnu.org; Fri, 19 Mar 2021 06:39:17 -0400
Received: from mail.zaclys.net ([178.33.93.72]:52425)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@HIDDEN>) id 1lNCXD-0007Gl-DR
 for control <at> debbugs.gnu.org; Fri, 19 Mar 2021 06:39:15 -0400
Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net
 [78.195.19.20] (may be forged)) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12JAd9tv024761
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <control <at> debbugs.gnu.org>; Fri, 19 Mar 2021 11:39:09 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12JAd9tv024761
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616150349;
 bh=rPapwWj9Jc7YT4WYV940C3GFYVM50nVZKGEG9PCM/hc=;
 h=Subject:From:To:Date:From;
 b=K+ZoyV9o235xt1FKgVDwbIsYAOre4ef+On1ZHC3gE2ROhbPjHuOvq4DL26+SySiTs
 i3xdHJjsO76A7wjgB+3BGheVw7vQ2jWRr92maOI4gvmLHJ8c5pBDxzCAj3sEpMzJn/
 vvzQrZThiYX8k+9aTHQGntD4Puh13bBP+5w/8ylk=
Message-ID: <af059ab20e973bb7f22dd8a5bde0a19c4b64a96b.camel@HIDDEN>
Subject: 
From: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@HIDDEN>
To: control <at> debbugs.gnu.org
Date: Fri, 19 Mar 2021 11:39:09 +0100
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-tI9Ssdgf8BPcxPLB3vT9"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
X-Spam-Score: 2.8 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  tags 47259 + security quit 
 Content analysis details:   (2.8 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 BLANK_SUBJECT          Subject is present but empty
 0.8 BODY_EMPTY             No body text in message
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.8 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  tags 47259 + security quit 
 
 Content analysis details:   (1.8 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager
  2.0 BLANK_SUBJECT          Subject is present but empty
  0.8 BODY_EMPTY             No body text in message


--=-tI9Ssdgf8BPcxPLB3vT9
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

tags 47259 + security
quit

--=-tI9Ssdgf8BPcxPLB3vT9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBUf00ACgkQRaix6GvN
EKajThAAw9OK11pgzkU/bGm7YdzlYiZpSXs5QeIH1re/Cnngb0O2K1Z7AgiEcPMf
2ai92WcMtnJVLxat+aRFpHj2iZA4cVt42Vxc+DNxOjkb/h6k035SnkBX5hPmsN2r
b7Yah5W/wUqtcDEpmyWGlndso2zfQXiXamViTSmiXGZSjyqAVtzIqx4QKRp3+oVF
Ntu2Gu88kT2HiEKz23luNon6MPS2OrHz2SJ4+si0JBIz4WFNRRfGa/uwDtvbUsyF
FEUtLrOXWM6aHbF/Gl3MlNrl7U8MbiMNSoMSKaT41U8mmhlwWX4hePsK3ZVgiRUK
EKB2bXG27Nym4Lzk3MwbejfePMCqDlKUKytn2k3RHfgCICpZrYedRU3zF6hXmvQL
NcoePGwb2EijmLH1a7t9KMDocB/gsfWXfOZtiJAp/b1b7vk0SdmrHTJX2vhwFsBc
bF3KdtBNkh5R8KS+aJ6v+A0NVSMQDJ/qK1KOiPP25si7OvAH0vnRh+CahrRDnk9z
tXAVKoJw6Z+01QbDlLavAPh7LVqL7QAI0Ym540BB6SD1fGphDAeaZ7S0FG2wMf6a
gFw/ZfzzPZn9h28IhZMgTwr3lQ9QQ/o+LOkoiisWZOkHLpJGHaKzlOYtpzQFcHzg
2+LCB9y7dBJPwhUuzo6sWiyNDfNct6HTw7Tx7eJEPcP24+4aPUw=
=tpCq
-----END PGP SIGNATURE-----

--=-tI9Ssdgf8BPcxPLB3vT9--






Last modified: Fri, 19 Mar 2021 10:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.