Posted to commits@tvm.apache.org by GitBox <gi...@apache.org> on 2022/02/14 05:59:46 UTC

[GitHub] [tvm] areusch opened a new issue #10238: Remove version restriction from Pillow in TVM codebase

areusch opened a new issue #10238:
URL: https://github.com/apache/tvm/issues/10238


   @kparzysz-quic [states](https://discuss.tvm.apache.org/t/pillow-9-0-0-security-vulnerabilities/12070): There are 3 security vulnerabilities in Pillow < 9.0.0. They are all considered critical.
   
   [CVE-2022-22815](https://nvd.nist.gov/vuln/detail/CVE-2022-22815)
   [CVE-2022-22816](https://nvd.nist.gov/vuln/detail/CVE-2022-22816)
   [CVE-2022-22817](https://nvd.nist.gov/vuln/detail/CVE-2022-22817)
   apps/microtvm/ethosu/requirements.txt lists Pillow==8.3.2.
   
   @areusch : note this was originally listed in the docs install script as a hard version limit, but it's since gone. I suspect the task here is to just remove it from the various places in the codebase which mention it.
   
   https://github.com/apache/tvm/search?q=Pillow


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@tvm.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
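
One way to locate the pins the issue asks to remove, as an added example (not code from the TVM project or from the issue's participants): a standard-library scan of requirements-style text for Pillow requirements that hold the version below 9.0.0, the boundary stated in the issue. The function names and the sample file contents are assumptions made for illustration; only the Pillow==8.3.2 pin is quoted from the issue.

```python
import re
import sys

FIXED = (9, 0, 0)  # per the issue: the three CVEs affect Pillow < 9.0.0
# Match "Pillow" as a whole project name (not e.g. "pillow-extras"), any case.
REQ = re.compile(r"^\s*pillow(?![A-Za-z0-9._-])\s*(\[[^\]]*\])?(?P<spec>[^;#]*)", re.I)
CLAUSE = re.compile(r"(===|==|~=|<=|>=|!=|<|>)\s*([0-9]+(?:\.[0-9]+)*)")

# Constructed sample; only the Pillow==8.3.2 pin is quoted from the issue.
SAMPLE = """\
# requirements.txt (constructed)
numpy==1.19.5
Pillow==8.3.2
pillow>=8.0,<9
Pillow>=9.0.0
pillow-extras==1.0  # hypothetical package name
Pillow~=8.3
Pillow
"""

def _ver(text):
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def caps_below_fixed(op, ver_text):
    """True when this one clause excludes every release >= FIXED."""
    v = _ver(ver_text)
    if op in ("==", "===", "<="):
        return v < FIXED
    if op == "<":
        return v <= FIXED
    if op == "~=" and ver_text.count(".") >= 1:
        parts = [int(p) for p in ver_text.split(".")]
        upper = parts[:-2] + [parts[-2] + 1]  # ~=8.3.2 -> <8.4, ~=8.3 -> <9
        return tuple(upper + [0] * (3 - len(upper))) <= FIXED
    return False

def find_vulnerable_pins(text):
    """Return (line_number, line) for Pillow requirements held below FIXED."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ.match(line)
        if m and any(caps_below_fixed(op, v) for op, v in CLAUSE.findall(m.group("spec"))):
            hits.append((lineno, line.strip()))
    return hits

if __name__ == "__main__":
    texts = {p: open(p).read() for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, text in texts.items():
        for lineno, line in find_vulnerable_pins(text):
            print(f"{name}:{lineno}: {line}")
```

Run with requirements file paths as arguments to scan them; with no arguments it scans the constructed sample. Pre-release suffixes and URL or editable requirements are not interpreted.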



[GitHub] [tvm] manupa-arm commented on issue #10238: Remove version restriction from Pillow in TVM codebase

Posted by GitBox <gi...@apache.org>.
manupa-arm commented on issue #10238:
URL: https://github.com/apache/tvm/issues/10238#issuecomment-1038884564


   cc : @grant-arm 





[GitHub] [tvm] leandron commented on issue #10238: Remove version restriction from Pillow in TVM codebase

Posted by GitBox <gi...@apache.org>.
leandron commented on issue #10238:
URL: https://github.com/apache/tvm/issues/10238#issuecomment-1038923382


   Me and @grant-arm did some investigation into this and we found out that the fixed/safe versions of Pillow aren't released for Python 3.6 anymore.
   
   So this is one more reason for us to update our Docker images and CI, because it will certainly be a trend that libraries stop releasing for Python 3.6.

