Binary files /tmp/tmp70vm6o3e/QVcZhJMIzN/pillow-9.0.1/Tests/icc/sGrey-v2-nano.icc and /tmp/tmp70vm6o3e/feXcIZrnqI/pillow-9.0.1/Tests/icc/sGrey-v2-nano.icc differ
diff -Nru pillow-9.0.1/debian/changelog pillow-9.0.1/debian/changelog
--- pillow-9.0.1/debian/changelog 2024-01-25 15:10:10.000000000 +0000
+++ pillow-9.0.1/debian/changelog 2024-04-15 12:00:29.000000000 +0000
@@ -1,3 +1,12 @@
+pillow (9.0.1-1ubuntu0.3) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: Buffer overflow in imagingcms.c
+ - debian/patches/CVE-2024-28219.patch: Use strncpy
+ to avoid buffer overflow
+ - CVE-2024-28219
+
+ -- Nick Galanis Mon, 15 Apr 2024 13:00:29 +0100
+
 pillow (9.0.1-1ubuntu0.2) jammy-security; urgency=medium
 
 * SECURITY UPDATE: DoS in ImageFont via large textlength
diff -Nru pillow-9.0.1/debian/patches/CVE-2024-28219.patch pillow-9.0.1/debian/patches/CVE-2024-28219.patch
--- pillow-9.0.1/debian/patches/CVE-2024-28219.patch 1970-01-01 00:00:00.000000000 +0000
+++ pillow-9.0.1/debian/patches/CVE-2024-28219.patch 2024-04-15 11:59:12.000000000 +0000
@@ -0,0 +1,44 @@
+From 2a93aba5cfcf6e241ab4f9392c13e3b74032c061 Mon Sep 17 00:00:00 2001
+From: Andrew Murray
+Date: Thu, 22 Feb 2024 18:56:26 +1100
+Subject: [PATCH] Use strncpy to avoid buffer overflow
+
+Index: pillow-9.0.1/Tests/test_imagecms.py
+===================================================================
+--- pillow-9.0.1.orig/Tests/test_imagecms.py
++++ pillow-9.0.1/Tests/test_imagecms.py
+@@ -593,3 +593,8 @@ def test_auxiliary_channels_isolated():
+ )
+
+ assert_image_equal(test_image.convert(dst_format[2]), reference_image)
++
++def test_long_modes():
++ p = ImageCms.getOpenProfile("Tests/icc/sGrey-v2-nano.icc")
++ ImageCms.buildTransform(p, p, "ABCDEFGHI", "ABCDEFGHI")
++
+Index: pillow-9.0.1/src/_imagingcms.c
+===================================================================
+--- pillow-9.0.1.orig/src/_imagingcms.c
++++ pillow-9.0.1/src/_imagingcms.c
+@@ -201,8 +201,8 @@ cms_transform_new(cmsHTRANSFORM transfor
+
+ self->transform = transform;
+
+- strcpy(self->mode_in, mode_in);
+- strcpy(self->mode_out, mode_out);
++ strncpy(self->mode_in, mode_in, 8);
++ strncpy(self->mode_out, mode_out, 8);
+
+ return (PyObject *)self;
+ }
+@@ -244,8 +244,8 @@ findLCMStype(char *PILmode) {
+ }
+
+ else {
+- /* take a wild guess... but you probably should fail instead. */
+- return TYPE_GRAY_8; /* so there's no buffer overrun... */
++ /* take a wild guess... */
++ return TYPE_GRAY_8;
+ }
+ }
+
diff -Nru pillow-9.0.1/debian/patches/series pillow-9.0.1/debian/patches/series
--- pillow-9.0.1/debian/patches/series 2024-01-25 15:09:49.000000000 +0000
+++ pillow-9.0.1/debian/patches/series 2024-04-15 11:58:20.000000000 +0000
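Review bot: In the cms_transform_new hunk of the embedded patch, `strncpy(self->mode_in, mode_in, 8)` and the matching mode_out call bound the copy but do not guarantee a terminator: strncpy writes no NUL when the source is 8 characters or longer, which is exactly the case the new test feeds in. If mode_in and mode_out are 8-byte arrays, as the bound suggests (their declaration and the start of the function are outside the hunk), any later use of them as C strings can read past the field. Copy one byte less and terminate explicitly, e.g. `strncpy(self->mode_in, mode_in, sizeof(self->mode_in) - 1);` followed by `self->mode_in[sizeof(self->mode_in) - 1] = '\0';`, and the same for mode_out, or reject over-long modes with an exception before the copy. test_long_modes asserts nothing, so it only catches a crash; an assertion on the stored or rejected mode would pin the intended behaviour.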
@@ -8,3 +8,4 @@
 CVE-2023-50447-1.patch
 CVE-2023-50447-2.patch
 CVE-2023-50447-3.patch
+CVE-2024-28219.patch
diff -Nru pillow-9.0.1/debian/source/include-binaries pillow-9.0.1/debian/source/include-binaries
--- pillow-9.0.1/debian/source/include-binaries 2022-12-12 19:50:54.000000000 +0000
+++ pillow-9.0.1/debian/source/include-binaries 2024-04-15 11:59:55.000000000 +0000
@@ -1,2 +1,3 @@
 Tests/images/tga_id_field.tga
 Tests/images/decompression_bomb_extents.gif
+Tests/icc/sGrey-v2-nano.icc
\ No newline at end of file