[yocto] [layerindex-web][PATCH 1/2] requirements.txt: update to fix CVE-2019-16865
Paul Eggleton
paul.eggleton at linux.intel.com
Mon Oct 28 14:26:50 PDT 2019
Update Pillow version to incorporate a fix for a denial-of-service
vulnerability (which should not affect this application however, as it
does not use Pillow to process external images):
https://nvd.nist.gov/vuln/detail/CVE-2019-16865
Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 855b7344..84f2ea54 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,7 +19,7 @@ gitdb2==2.0.6
GitPython==2.1.13
kombu==4.6.3
mysqlclient==1.4.4
-Pillow==6.1.0
+Pillow==6.2.1
pytz==2019.2
six==1.12.0
smmap2==2.0.5
--
2.20.1
More information about the yocto
mailing list