[ubuntu/impish-proposed] pillow 8.1.2+dfsg-0.1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue May 18 11:47:21 UTC 2021
pillow (8.1.2+dfsg-0.1ubuntu1) impish; urgency=medium

  * SECURITY UPDATE: OOB read in Jpeg2KDecode
    - debian/patches/CVE-2021-25287_8.patch: handle different widths for
      each band in src/libImaging/Jpeg2KDecode.c.
    - CVE-2021-25287
    - CVE-2021-25288
  * SECURITY UPDATE: DOS in PsdImagePlugin
    - debian/patches/CVE-2021-28675.patch: sanity check the number of
      input layers in Tests/test_decompression_bomb.py,
      Tests/test_file_apng.py, Tests/test_file_blp.py,
      Tests/test_file_tiff.py, src/PIL/ImageFile.py,
      src/PIL/PsdImagePlugin.py.
    - CVE-2021-28675
  * SECURITY UPDATE: FLI DOS
    - debian/patches/CVE-2021-28676.patch: check the block advance in
      src/libImaging/FliDecode.c.
    - CVE-2021-28676
  * SECURITY UPDATE: EPS DOS on _open
    - debian/patches/CVE-2021-28677.patch: properly handle line endings in
      src/PIL/EpsImagePlugin.py.
    - CVE-2021-28677
  * SECURITY UPDATE: BLP DOS
    - debian/patches/CVE-2021-28678.patch: check that reads return data in
      src/PIL/BlpImagePlugin.py.
    - CVE-2021-28678

Date: Tue, 18 May 2021 07:02:45 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/pillow/8.1.2+dfsg-0.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 18 May 2021 07:02:45 -0400
Source: pillow
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1.2+dfsg-0.1ubuntu1
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Matthias Klose <doko at debian.org>