Hello,
I have three review requests for src:pillow in LTS and ELTS.
(1) I believe that the fixes previously uploaded to buster, stretch and
jessie for CVE-2022-22817 are incomplete. Upstream updated the
vulnerability a month after releasing the original fix with a follow-up
fix in commit c930be
Sean Whitton wrote:
> I was thinking that it would be appropriate to issue DLA-..-2 and
> ELA-..-2 advisories, but the problem is that buster was under Security
> Team support at the time of the previous update, and stretch was under
> LTS, not ELTS. Another option would be to roll the information
Hello,
Thanks Chris. I'll go ahead with this.
--
Sean Whitton
signature.asc
Description: PGP signature