Safety CI > prolibre-ch/nobinobi-staff

pyup/scheduled-update-2023-10-23

2 years, 5 months ago

Update django-bootstrap-datepicker-plus from 5.0.3 to 5.0.4

pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244
pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

pyup/scheduled-update-2023-10-23

2 years, 5 months ago

80440b19

Update datetimerange from 2.1.0 to 2.2.0

pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244
pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

pyup/scheduled-update-2023-10-23

2 years, 5 months ago

3254aab1

Update django-admin-rangefilter from 0.10.0 to 0.11.2

pillow 9.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	9.5.0	<10.2.0	show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.
pillow	9.5.0	<10.2.0	show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html
pillow	9.5.0	<10.0.0	show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244
pillow	9.5.0	>=2.5.0,<10.0.1	show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html
pillow	9.5.0	<10.3.0	show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.