Publishing details

Removed from disk on 2021-05-20.
Removal requested on 2021-05-20.
Superseded on 2021-05-19 by pillow - 7.2.0-1ubuntu0.3
Published on 2021-03-11
Copied from ubuntu groovy in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

pillow (7.2.0-1ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: insufficient fix for CVE-2020-35654
    - debian/patches/CVE-2021-25289.patch: improve return code check in
      src/libImaging/TiffDecode.c.
    - CVE-2021-25289
  * SECURITY UPDATE: negative-offset memcpy with an invalid size
    - debian/patches/CVE-2021-25290.patch: add extra check to
      src/libImaging/TiffDecode.c.
    - CVE-2021-25290
  * SECURITY UPDATE: invalid tile boundaries could lead to an OOB Read
    - debian/patches/CVE-2021-25291.patch: check tile validity in
      src/libImaging/TiffDecode.c.
    - CVE-2021-25291
  * SECURITY UPDATE: DoS via backtrack regex
    - debian/patches/CVE-2021-25292.patch: use more specific regex in
      src/PIL/PdfParser.py.
    - CVE-2021-25292
  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2021-25293.patch: add more checks to
      src/libImaging/SgiRleDecode.c.
    - CVE-2021-25293
  * SECURITY UPDATE: DoS via invalid reported size
    - debian/patches/CVE-2021-2792x.patch: check reported sizes in
      src/PIL/BlpImagePlugin.py, src/PIL/IcnsImagePlugin.py,
      src/PIL/IcoImagePlugin.py.
    - CVE-2021-27921
    - CVE-2021-27922
    - CVE-2021-27923

 -- Marc Deslauriers <email address hidden>  Wed, 10 Mar 2021 12:41:13 -0500

Available diffs

diff from 7.2.0-1ubuntu0.1 to 7.2.0-1ubuntu0.2 (5.8 KiB)

Builds

Package files

pillow_7.2.0-1ubuntu0.2.debian.tar.xz (25.2 KiB)
pillow_7.2.0-1ubuntu0.2.dsc (2.4 KiB)
pillow_7.2.0.orig.tar.xz (32.0 MiB)
python-pil-doc_7.2.0-1ubuntu0.2_all.deb (524.8 KiB)
python3-pil-dbg_7.2.0-1ubuntu0.2_amd64.deb (1.1 MiB)
python3-pil-dbg_7.2.0-1ubuntu0.2_arm64.deb (1.0 MiB)
python3-pil-dbg_7.2.0-1ubuntu0.2_armhf.deb (1.0 MiB)
python3-pil-dbg_7.2.0-1ubuntu0.2_ppc64el.deb (1.1 MiB)
python3-pil-dbg_7.2.0-1ubuntu0.2_riscv64.deb (1.0 MiB)
python3-pil-dbg_7.2.0-1ubuntu0.2_s390x.deb (1.1 MiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_amd64.deb (26.0 KiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_arm64.deb (26.0 KiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_armhf.deb (25.8 KiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_ppc64el.deb (27.2 KiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_riscv64.deb (25.4 KiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_s390x.deb (25.9 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.2_amd64.deb (8.9 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.2_arm64.deb (8.8 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.2_armhf.deb (8.4 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.2_ppc64el.deb (9.4 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.2_riscv64.deb (8.3 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.2_s390x.deb (8.7 KiB)
python3-pil_7.2.0-1ubuntu0.2_amd64.deb (363.8 KiB)
python3-pil_7.2.0-1ubuntu0.2_arm64.deb (347.3 KiB)
python3-pil_7.2.0-1ubuntu0.2_armhf.deb (333.6 KiB)
python3-pil_7.2.0-1ubuntu0.2_ppc64el.deb (386.7 KiB)
python3-pil_7.2.0-1ubuntu0.2_riscv64.deb (351.7 KiB)
python3-pil_7.2.0-1ubuntu0.2_s390x.deb (371.0 KiB)