Change log for pillow package in Ubuntu

175 of 88 results
Published in xenial-updates on 2021-01-18
Published in xenial-security on 2021-01-18
pillow (3.1.2-0ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in PIL/PcxImagePlugin.py, removed failing test in
      Tests/test_image.py.
    - CVE-2020-35653

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jan 2021 10:51:58 -0500
Published in bionic-updates on 2021-01-18
Published in bionic-security on 2021-01-18
pillow (5.1.0-1ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in src/PIL/PcxImagePlugin.py.
    - CVE-2020-35653
  * SECURITY UPDATE: buffer over-read via SGI RLE image file
    - debian/patches/CVE-2020-35655-1.patch: add checks to
      src/libImaging/SgiRleDecode.c.
    - debian/patches/CVE-2020-35655-2.patch: rework error flags in
      src/libImaging/SgiRleDecode.c.
    - CVE-2020-35655

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jan 2021 10:51:02 -0500
Published in focal-updates on 2021-01-18
Published in focal-security on 2021-01-18
pillow (7.0.0-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in src/PIL/PcxImagePlugin.py.
    - CVE-2020-35653
  * SECURITY UPDATE: heap overflow via YCbCr files
    - debian/patches/CVE-2020-35654-1.patch: fix tiff comparison warnings
      in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-35654-2.patch: fix OOB write in
      src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-35654-3.patch: rework ReadTile in
      src/libImaging/TiffDecode.c.
    - CVE-2020-35654
  * SECURITY UPDATE: buffer over-read via SGI RLE image file
    - debian/patches/CVE-2020-35655-1.patch: add checks to
      src/libImaging/SgiRleDecode.c.
    - debian/patches/CVE-2020-35655-2.patch: rework error flags in
      src/libImaging/SgiRleDecode.c.
    - CVE-2020-35655

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jan 2021 09:55:14 -0500
Published in groovy-updates on 2021-01-18
Published in groovy-security on 2021-01-18
pillow (7.2.0-1ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in src/PIL/PcxImagePlugin.py.
    - CVE-2020-35653
  * SECURITY UPDATE: heap overflow via YCbCr files
    - debian/patches/CVE-2020-35654-1.patch: fix tiff comparison warnings
      in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-35654-2.patch: fix OOB write in
      src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-35654-3.patch: rework ReadTile in
      src/libImaging/TiffDecode.c.
    - CVE-2020-35654
  * SECURITY UPDATE: buffer over-read via SGI RLE image file
    - debian/patches/CVE-2020-35655-1.patch: add checks to
      src/libImaging/SgiRleDecode.c.
    - debian/patches/CVE-2020-35655-2.patch: rework error flags in
      src/libImaging/SgiRleDecode.c.
    - CVE-2020-35655

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jan 2021 09:35:02 -0500
Published in hirsute-release on 2021-01-07
Deleted in hirsute-proposed (Reason: moved to Release)
pillow (8.1.0-1) unstable; urgency=medium

  * New upstream version.
  * Bump standards and debhelper versions.

 -- Matthias Klose <email address hidden>  Wed, 06 Jan 2021 13:18:02 +0100
Superseded in hirsute-release on 2021-01-07
Deleted in hirsute-proposed on 2021-01-08 (Reason: moved to Release)
pillow (8.0.1-1build1) hirsute; urgency=medium

  * No-change rebuild to drop python3.8 extensions.

 -- Matthias Klose <email address hidden>  Mon, 07 Dec 2020 18:45:05 +0100
Superseded in hirsute-release on 2020-12-15
Deleted in hirsute-proposed on 2020-12-16 (Reason: moved to Release)
pillow (8.0.1-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Thu, 29 Oct 2020 20:02:10 +0100
Superseded in hirsute-release on 2020-11-16
Deleted in hirsute-proposed on 2020-11-17 (Reason: moved to Release)
pillow (7.2.0-1build1) hirsute; urgency=medium

  * No-change rebuild to build with python3.9 as supported.

 -- Matthias Klose <email address hidden>  Sat, 24 Oct 2020 12:44:06 +0200
Superseded in focal-updates on 2021-01-18
Superseded in focal-security on 2021-01-18
pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
      in src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
      src/libImaging/FliDecode.c.
    - CVE-2020-10177
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
      src/libImaging/PcxDecode.c.
    - CVE-2020-10378
  * SECURITY UPDATE: two buffer overflows
    - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
      Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
      src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-3.patch: fix typos in
      src/libImaging/TiffDecode.c.
    - CVE-2020-10379
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
      src/libImaging/Jpeg2KDecode.c.
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
      src/libImaging/Jpeg2KDecode.c.
    - CVE-2020-10994
  * SECURITY UPDATE: out-of-bounds read via SGI file
    - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
      number of runs in src/libImaging/SgiRleDecode.c.
    - CVE-2020-11538

 -- Marc Deslauriers <email address hidden>  Tue, 07 Jul 2020 13:14:10 -0400
Superseded in hirsute-release on 2020-10-25
Published in groovy-release on 2020-07-17
Deleted in groovy-proposed (Reason: moved to Release)
pillow (7.2.0-1) unstable; urgency=medium

  * New upstream version.
  * Update debian/copyright, partially addresses #952899.
    - Mention contributors.
    - Add copyright information for fonts.
  * Bump debhelper version.

 -- Matthias Klose <email address hidden>  Thu, 16 Jul 2020 13:42:51 +0200
Superseded in bionic-updates on 2021-01-18
Superseded in bionic-security on 2021-01-18
pillow (5.1.0-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
      in src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
      src/libImaging/FliDecode.c.
    - CVE-2020-10177
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
      src/libImaging/PcxDecode.c.
    - CVE-2020-10378
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
      src/libImaging/Jpeg2KDecode.c.
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
      src/libImaging/Jpeg2KDecode.c.
    - CVE-2020-10994
  * SECURITY UPDATE: out-of-bounds read via SGI file
    - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
      number of runs in src/libImaging/SgiRleDecode.c.
    - CVE-2020-11538

 -- Marc Deslauriers <email address hidden>  Tue, 07 Jul 2020 13:35:30 -0400
Superseded in xenial-updates on 2021-01-18
Superseded in xenial-security on 2021-01-18
pillow (3.1.2-0ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
      in src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
      src/libImaging/FliDecode.c.
    - CVE-2020-10177
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
      src/libImaging/PcxDecode.c.
    - CVE-2020-10378
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
      src/libImaging/Jpeg2KDecode.c.
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
      src/libImaging/Jpeg2KDecode.c.
    - CVE-2020-10994

 -- Marc Deslauriers <email address hidden>  Tue, 07 Jul 2020 13:43:43 -0400
Superseded in groovy-release on 2020-07-17
Deleted in groovy-proposed on 2020-07-19 (Reason: moved to Release)
pillow (7.0.0-4ubuntu1) groovy; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
      in src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
      src/libImaging/FliDecode.c.
    - CVE-2020-10177
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
      src/libImaging/PcxDecode.c.
    - CVE-2020-10378
  * SECURITY UPDATE: two buffer overflows
    - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
      Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
      src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-3.patch: fix typos in
      src/libImaging/TiffDecode.c.
    - CVE-2020-10379
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
      src/libImaging/Jpeg2KDecode.c.
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
      src/libImaging/Jpeg2KDecode.c.
    - CVE-2020-10994
  * SECURITY UPDATE: out-of-bounds read via SGI file
    - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
      number of runs in src/libImaging/SgiRleDecode.c.
    - CVE-2020-11538

 -- Marc Deslauriers <email address hidden>  Tue, 07 Jul 2020 13:14:10 -0400

Available diffs

Superseded in groovy-release on 2020-07-14
Published in focal-release on 2020-02-21
Deleted in focal-proposed (Reason: moved to Release)
pillow (7.0.0-4build1) focal; urgency=medium

  * No-change rebuild to drop python3.7.

 -- Matthias Klose <email address hidden>  Tue, 18 Feb 2020 10:44:40 +0100
Obsolete in eoan-updates on 2020-12-29
Obsolete in eoan-security on 2020-12-29
pillow (6.1.0-1ubuntu0.2) eoan-security; urgency=medium

  * SECURITY UPDATE: Exceed memory amount and delay in process image
    - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
      PIL/PsdImagePlugin.py, Added decompression bomb checks in
      PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
      in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
      in Tests/images/*.
    - CVE-2019-16865
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-19911.patch:  Raise an error for an invalid
      number of bands in FPX image in PIL/FpxImagePlugin.py and added some
      testes in Test/images/*.
    - CVE-2019-19911
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2020-5310.patch: Overflow checks for realloc for tiff
      decoding in src/libImaging/TiffDecode.c and added tests in Test/images/*.
    - CVE-2020-5310
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5311.patch: catch SGI buffer overruns
      in src/libImaging/SgiRleDecode.c.
    - CVE-2020-5311
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
      in libImaging/PcxDecode.c and added some tests in Test/images/*.
    - CVE-2020-5312
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
      libImaging/FliDecode.c and added some tests in Test/images/*.
    - CVE-2020-5313

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 03 Feb 2020 14:50:52 -0300
Superseded in bionic-updates on 2020-07-22
Superseded in bionic-security on 2020-07-22
pillow (5.1.0-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Exceed memory amount and delay in process image
    - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
      PIL/PsdImagePlugin.py, Added decompression bomb checks in
      PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
      in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
      in Tests/images/*.
    - CVE-2019-16865
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-19911.patch:  Raise an error for an invalid
      number of bands in FPX image in PIL/FpxImagePlugin.py and added some
      testes in Test/images/*.
    - CVE-2019-19911
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5311.patch: catch SGI buffer overruns
      in src/libImaging/SgiRleDecode.c.
    - CVE-2020-5311
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
      in libImaging/PcxDecode.c and added some tests in Test/images/*.
    - CVE-2020-5312
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
      libImaging/FliDecode.c and added some tests in Test/images/*.
    - CVE-2020-5313

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 03 Feb 2020 13:04:40 -0300
Superseded in xenial-updates on 2020-07-22
Superseded in xenial-security on 2020-07-22
pillow (3.1.2-0ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Exceed memory amount and delay in process image
    - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
      PIL/PsdImagePlugin.py, Added decompression bomb checks in
      PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
      in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
      in Tests/images/*.
    - CVE-2019-16865
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-19911.patch:  Raise an error for an invalid
      number of bands in FPX image in PIL/FpxImagePlugin.py.
    - CVE-2019-19911
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
      in libImaging/PcxDecode.c.
    - CVE-2020-5312
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
      libImaging/FliDecode.c.
    - CVE-2020-5313
  * Fix decompression tests that failed
    - debian/patches/Fixing_decompression_test.patch: Tests/test_decompression.py.

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 30 Jan 2020 17:15:56 -0300
Superseded in focal-release on 2020-02-21
Deleted in focal-proposed on 2020-02-22 (Reason: moved to Release)
pillow (7.0.0-4) unstable; urgency=medium

  * Don't rely on python2's python.mk in the build.
  * Bump standards version.

 -- Matthias Klose <email address hidden>  Wed, 29 Jan 2020 08:33:20 +0100

Available diffs

Superseded in focal-proposed on 2020-01-29
pillow (7.0.0-3) unstable; urgency=medium

  * Drop the Python2 autopkg tests.

 -- Matthias Klose <email address hidden>  Sun, 12 Jan 2020 09:54:31 +0100

Available diffs

Superseded in focal-proposed on 2020-01-12
pillow (7.0.0-2) unstable; urgency=medium

  * Build-depend on python2 for the use of python.mk.

 -- Matthias Klose <email address hidden>  Mon, 06 Jan 2020 16:19:39 +0100

Available diffs

Superseded in focal-release on 2020-01-29
Deleted in focal-proposed on 2020-02-09 (Reason: moved to Release)
pillow (6.2.1-2) unstable; urgency=medium

  * Call python2 in the autopkg python2 tests.

 -- Matthias Klose <email address hidden>  Mon, 04 Nov 2019 08:41:21 +0100
Superseded in focal-proposed on 2019-11-04
pillow (6.2.1-1) unstable; urgency=medium

  * New upstream version, "last Pillow release to support Python 2.7".
  * Replaces python-dbg debpendencies with python2-dbg.
  * Remove Python2 suggests.

 -- Matthias Klose <email address hidden>  Sat, 26 Oct 2019 16:49:09 +0200

Available diffs

Superseded in focal-release on 2019-11-10
Deleted in focal-proposed on 2019-11-11 (Reason: moved to Release)
pillow (6.1.0-1build1) focal; urgency=medium

  * No-change rebuild to build with python3.8.

 -- Matthias Klose <email address hidden>  Fri, 18 Oct 2019 18:08:59 +0000
Superseded in focal-proposed on 2019-10-26
pillow (6.2.0-1) unstable; urgency=medium

  * New upstream version, last version supporting Python2.
  * Bump standards version.

 -- Matthias Klose <email address hidden>  Wed, 16 Oct 2019 15:47:42 +0200
Superseded in focal-release on 2019-10-25
Obsolete in eoan-release on 2020-12-29
Deleted in eoan-proposed on 2020-12-29 (Reason: moved to release)
pillow (6.1.0-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Sun, 07 Jul 2019 14:36:49 +0200

Available diffs

Superseded in eoan-release on 2019-07-12
Deleted in eoan-proposed on 2019-07-13 (Reason: moved to release)
pillow (5.4.1-2) unstable; urgency=medium

  * Allow for unknown PNG chunks after image data. Closes: #926552.

 -- Matthias Klose <email address hidden>  Sun, 07 Apr 2019 02:53:28 +0200

Available diffs

Superseded in eoan-release on 2019-04-22
Obsolete in disco-release on 2020-07-14
Deleted in disco-proposed on 2020-07-14 (Reason: moved to release)
pillow (5.4.1-1) unstable; urgency=medium

  * New upstream version.
  * Enable imagequant support.

 -- Matthias Klose <email address hidden>  Fri, 18 Jan 2019 11:05:56 +0100

Available diffs

Superseded in disco-release on 2018-11-20
Deleted in disco-proposed on 2018-11-21 (Reason: moved to release)
pillow (5.2.0-2build1) disco; urgency=medium

  * No-change rebuild to build without python3.6 support.

 -- Matthias Klose <email address hidden>  Sat, 03 Nov 2018 11:52:02 +0000
Superseded in disco-release on 2019-03-20
Deleted in disco-proposed on 2019-03-22 (Reason: moved to release)
pillow (5.3.0-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Thu, 18 Oct 2018 12:16:31 +0200
Superseded in disco-release on 2018-11-07
Obsolete in cosmic-release on 2020-07-13
Deleted in cosmic-proposed on 2020-07-13 (Reason: moved to release)
pillow (5.2.0-2) unstable; urgency=medium

  * Apply proposed patch for issue #3227. Closes: #887752.

 -- Matthias Klose <email address hidden>  Fri, 20 Jul 2018 14:57:58 +0200

Available diffs

Superseded in cosmic-release on 2018-07-20
Deleted in cosmic-proposed on 2018-07-22 (Reason: moved to release)
pillow (5.2.0-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Wed, 11 Jul 2018 14:50:06 +0200
Superseded in cosmic-release on 2018-07-11
Deleted in cosmic-proposed on 2018-07-13 (Reason: moved to release)
pillow (5.1.0-1build1) cosmic; urgency=medium

  * No-change rebuild to build for python3.7.

 -- Matthias Klose <email address hidden>  Thu, 28 Jun 2018 06:54:03 +0000
Superseded in cosmic-release on 2018-06-29
Published in bionic-release on 2018-04-10
Deleted in bionic-proposed (Reason: moved to release)
pillow (5.1.0-1) unstable; urgency=medium

  * New upstream version.
  * Add recommendations for olefile.

 -- Matthias Klose <email address hidden>  Mon, 09 Apr 2018 15:43:37 +0200

Available diffs

Superseded in bionic-release on 2018-04-10
Deleted in bionic-proposed on 2018-04-11 (Reason: moved to release)
pillow (5.0.0-1) unstable; urgency=medium

  * New upstream version.
    - Closing old python-imaging issues. Closes: #510877, #708449, #806973.
    - Example scripts not installed anymore. Closes: #513536, #554906.
  * Stop building the python-imaging package.
  * Build-depend on libraqm-dev.
  * python-pil-doc: Stop suggesting python-pil-doc-html. Closes: #814567.

 -- Matthias Klose <email address hidden>  Sat, 06 Jan 2018 00:24:59 +0100
Superseded in bionic-release on 2018-03-09
Deleted in bionic-proposed on 2018-03-11 (Reason: moved to release)
pillow (4.3.0-2ubuntu1) bionic; urgency=medium

  * Apply fix for upstream issue #2825. Not updating the binary test
    files, not running the test on 32bit targets.

 -- Matthias Klose <email address hidden>  Sat, 16 Dec 2017 09:21:02 +0100
Superseded in bionic-proposed on 2017-12-16
pillow (4.3.0-2) unstable; urgency=medium

  * Install the ImagingUtils.h header file. Closes: #879788.

 -- Matthias Klose <email address hidden>  Thu, 26 Oct 2017 08:53:42 +0200
Superseded in bionic-release on 2017-12-16
Obsolete in artful-release on 2020-07-10
Deleted in artful-proposed on 2020-07-10 (Reason: moved to release)
pillow (4.1.1-3build2) artful; urgency=medium

  * No change rebuild to drop Python 3.5 support.

 -- Michael Hudson-Doyle <email address hidden>  Mon, 14 Aug 2017 13:28:56 +1200
Deleted in artful-proposed on 2017-08-08 (Reason: temporarily remove pillow, causing regressions building s...)
pillow (4.2.1-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Thu, 03 Aug 2017 18:56:22 -0400
Superseded in artful-release on 2017-08-14
Deleted in artful-proposed on 2017-08-16 (Reason: moved to release)
Superseded in artful-proposed on 2017-08-04
pillow (4.1.1-3build1) artful; urgency=medium

  * No-change rebuild against libwebpmux3

 -- Steve Langasek <email address hidden>  Fri, 28 Jul 2017 03:56:21 +0000
Superseded in artful-release on 2017-08-08
Deleted in artful-proposed on 2017-08-10 (Reason: moved to release)
pillow (4.1.1-3) unstable; urgency=medium

  * Restore the python-imaging package for the upload to unstable.

 -- Matthias Klose <email address hidden>  Sat, 01 Jul 2017 12:08:54 +0200

Available diffs

Superseded in artful-proposed on 2017-07-01
pillow (4.1.1-2) experimental; urgency=medium

  * Re-add olefile build dependencies.

 -- Matthias Klose <email address hidden>  Fri, 12 May 2017 12:24:32 -0700
Published in trusty-updates on 2017-03-13
Published in trusty-security on 2017-03-13
pillow (2.3.0-1ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - debian/patches/CVE-2016-9189.patch: add overflow checks to map.c.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - debian/patches/CVE-2016-9190.patch: add size check to
      libImaging/Storage.c, add test to Tests/images/negative_size.ppm,
      Tests/test_file_ppm.py.
    - CVE-2016-9190
  * SECURITY UPDATE: re-enabled CVE-2014-9601 fix
    - debian/patches/pillow-CVE-2014-9601-pre.patch: rename len variables
      as length in PIL/PngImagePlugin.py.
    - debian/patches/pillow-CVE-2014-9601.patch: updated.
    - debian/patches/revert-CVE-201409601.patch: removed
    - CVE-2014-9601

 -- Marc Deslauriers <email address hidden>  Fri, 10 Mar 2017 08:26:41 -0500
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
pillow (3.3.1-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - debian/patches/CVE-2016-9189.patch: add overflow checks to map.c.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - debian/patches/CVE-2016-9190.patch: add size check to
      libImaging/Storage.c, add test to Tests/images/negative_size.ppm,
      Tests/test_file_ppm.py.
    - CVE-2016-9190

 -- Marc Deslauriers <email address hidden>  Fri, 10 Mar 2017 08:00:21 -0500
Superseded in xenial-updates on 2020-02-06
Superseded in xenial-security on 2020-02-06
pillow (3.1.2-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - debian/patches/CVE-2016-9189.patch: add overflow checks to map.c.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - debian/patches/CVE-2016-9190.patch: add size check to
      libImaging/Storage.c, add test to Tests/images/negative_size.ppm,
      Tests/test_file_ppm.py.
    - CVE-2016-9190

 -- Marc Deslauriers <email address hidden>  Fri, 10 Mar 2017 08:09:36 -0500
Superseded in artful-release on 2017-07-02
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
pillow (4.0.0-4) unstable; urgency=medium

  * Build again with internal OleFileIO module.

 -- Matthias Klose <email address hidden>  Tue, 24 Jan 2017 16:52:07 +0100

Available diffs

Superseded in zesty-release on 2017-01-25
Deleted in zesty-proposed on 2017-01-26 (Reason: moved to release)
pillow (4.0.0-3) unstable; urgency=medium

  * Re-add build dependencies on python*-olefile.

 -- Matthias Klose <email address hidden>  Tue, 10 Jan 2017 23:44:36 +0100

Available diffs

Superseded in zesty-proposed on 2017-01-11
pillow (4.0.0-2) unstable; urgency=medium

  * Add imagingtk-int-overflow.patch. Fix integer overflow on 32 bit
    architectures (Markus Koschany). Closes: #847812.

 -- Matthias Klose <email address hidden>  Mon, 09 Jan 2017 23:50:08 +0100

Available diffs

Superseded in zesty-release on 2017-01-11
Deleted in zesty-proposed on 2017-01-12 (Reason: moved to release)
pillow (4.0.0-1) unstable; urgency=medium

  * Pillow 4.0.0 release.

 -- Matthias Klose <email address hidden>  Thu, 05 Jan 2017 19:47:03 +0100

Available diffs

Superseded in zesty-release on 2017-01-09
Deleted in zesty-proposed on 2017-01-11 (Reason: moved to release)
pillow (3.4.2-1) unstable; urgency=medium

  * Pillow 3.4.2 release.

 -- Matthias Klose <email address hidden>  Wed, 02 Nov 2016 15:48:03 +0100

Available diffs

Superseded in trusty-updates on 2017-03-13
Superseded in trusty-security on 2017-03-13
pillow (2.3.0-1ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: revert fix for CVE-2014-9601 which caused regression
    - debian/patches/revert-CVE-201409601.patch

 -- Emily Ratliff <email address hidden>  Thu, 29 Sep 2016 20:48:05 -0500
Superseded in trusty-updates on 2016-09-30
Superseded in trusty-security on 2016-09-30
pillow (2.3.0-1ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ImagingFliDecode()
    - debian/patches/pillow-CVE-2016-0775.patch: correct memcpy location
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0775
  * SECURITY UPDATE: buffer overflow in ImagingLibTiffDecode
    - debian/patches/pillow-CVE-2016-0740.patch: correct type of size to
      match that returned by libtiff
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0740
  * SECURITY UPDATE: PCD decoder overruns the shuffle buffer
    - debian/patches/pillow-CVE-2016-2533.patch: correct size adjustments
    - CVE-2016-2533
  * SECURITY-UPDATE: Icns DOS fix
    - debian/patches/pillow-CVE-2014-3589.patch: Icns DOS fix
    - Thanks to Andrew Drake for reporting this issue.
    - CVE-2014-3589
  * SECURITY-UPDATE: Fix potential PNG decompression DOS
    - debian/patches/pillow-CVE-2014-9601.patch: Fix PNG decompresson DOS
    - CVE-2014-9601

 -- Emily Ratliff <email address hidden>  Mon, 26 Sep 2016 18:03:27 -0500
Superseded in zesty-release on 2016-11-08
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
pillow (3.3.1-1) unstable; urgency=medium

  * Pillow 3.3.1 release.

 -- Matthias Klose <email address hidden>  Wed, 31 Aug 2016 16:32:48 +0200

Available diffs

Superseded in yakkety-release on 2016-09-01
Deleted in yakkety-proposed on 2016-09-02 (Reason: moved to release)
pillow (3.3.0-1) unstable; urgency=medium

  * Pillow 3.3.0 release.

 -- Matthias Klose <email address hidden>  Thu, 11 Aug 2016 10:18:19 +0200
Superseded in yakkety-proposed on 2016-08-11
pillow (3.2.0-2build1) yakkety; urgency=medium

  * No-change rebuild against libwebp6

 -- Iain Lane <email address hidden>  Tue, 09 Aug 2016 16:05:30 +0100
Superseded in yakkety-release on 2016-08-19
Deleted in yakkety-proposed on 2016-08-20 (Reason: moved to release)
pillow (3.2.0-2) unstable; urgency=medium

  * Don't run test needing the removed icc profiles.

 -- Matthias Klose <email address hidden>  Thu, 05 May 2016 17:42:07 +0200
Superseded in yakkety-proposed on 2016-05-05
pillow (3.2.0-1) unstable; urgency=medium

  * Pillow 3.2.0 release.

 -- Matthias Klose <email address hidden>  Sat, 16 Apr 2016 18:01:45 +0200
Superseded in yakkety-release on 2016-05-17
Published in xenial-release on 2016-04-16
Deleted in xenial-proposed (Reason: moved to release)
pillow (3.1.2-0ubuntu1) xenial; urgency=medium

  * Pillow 3.1.2 release.
    - CVE-2016-3076; Fix an integer overflow in Jpeg2KEncode.c causing a
      buffer overflow.

 -- Matthias Klose <email address hidden>  Sat, 16 Apr 2016 17:54:58 +0200
Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
pillow (2.9.0-1ubuntu0.2) wily-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ImagingFliDecode()
    - debian/patches/pillow-CVE-2016-0775.patch: correct memcpy location
    - debian/source/include-binaries: add test image in
      Tests/images/fli_overflow.fli
    - CVE-2016-0775
  * SECURITY UPDATE: buffer overflow in ImagingLibTiffDecode
    - debian/patches/pillow-CVE-2016-0740.patch: correct type of size to
      match that returned by libtiff
    - debian/source/include-binaries: add test image in
      Tests/images/libtiff_segfault.tif
    - CVE-2016-0740
  * SECURITY UPDATE: integer overflow in ImagingResampleHorizontal()
    - debian/patches/pillow-gh#1714.patch: check for integer overflow
  * SECURITY UPDATE: PCD decoder overruns the shuffle buffer
    - debian/patches/pillow-gh#1706.patch: correct size adjustments
    - CVE-2016-2533

 -- Steve Beattie <email address hidden>  Fri, 11 Mar 2016 12:12:04 -0800
Superseded in xenial-release on 2016-04-16
Deleted in xenial-proposed on 2016-04-18 (Reason: moved to release)
pillow (3.1.1-1) unstable; urgency=medium

  * Pillow 3.1.1 release.
    - CVE-2016-0740: Fix buffer overflow in TiffDecode.c. Closes: #813905.
    - CVE-2016-0775: Fix buffer overflow in FliDecode.c. Closes: #813909.

 -- Matthias Klose <email address hidden>  Wed, 10 Feb 2016 10:40:44 +0100

Available diffs

Superseded in xenial-release on 2016-02-10
Deleted in xenial-proposed on 2016-02-12 (Reason: moved to release)
pillow (3.1.0-1) unstable; urgency=medium

  * Pillow 3.1.0 release.
  * Breaks rapid-photo-downloader (<< 0.4.11). Closes: #806976.
  * Breaks tilestache (<< 1.49.8-3). Closes: #808238.
  * Install upstream changelog. Closes: #805694.

 -- Matthias Klose <email address hidden>  Tue, 19 Jan 2016 17:49:58 +0100
Superseded in xenial-release on 2016-01-25
Deleted in xenial-proposed on 2016-01-26 (Reason: moved to release)
pillow (3.0.0-1build1) xenial; urgency=medium

  * No-change rebuild to drop python3.4 support.

 -- Matthias Klose <email address hidden>  Tue, 19 Jan 2016 00:10:10 +0000
Superseded in xenial-release on 2016-01-20
Deleted in xenial-proposed on 2016-01-21 (Reason: moved to release)
pillow (3.0.0-1) unstable; urgency=medium

  * Pillow 3.0.0 release.

 -- Matthias Klose <email address hidden>  Mon, 30 Nov 2015 08:35:40 +0100

Available diffs

Superseded in xenial-release on 2015-11-30
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
pillow (2.9.0-1) unstable; urgency=medium

  * Pillow 2.9.0 release.
  * d/rules: Don't add $DEB_HOST_MULTIARCH to SOABI for Python 3.5 since
    it's already included there. Closes: #790085.

 -- Matthias Klose <email address hidden>  Wed, 12 Aug 2015 02:59:31 +0200
Superseded in wily-release on 2015-08-21
Deleted in wily-proposed on 2015-08-23 (Reason: moved to release)
pillow (2.8.1-1ubuntu1) wily; urgency=medium

  [ Barry Warsaw ]
  * d/rules: Don't add $DEB_HOST_MULTIARCH to SOABI for Python 3.5 since
    it's already included there.

 -- Steve Langasek <email address hidden>  Tue, 21 Jul 2015 21:21:22 +0000
Superseded in wily-release on 2015-07-21
Deleted in wily-proposed on 2015-07-23 (Reason: moved to release)
pillow (2.8.1-1) unstable; urgency=medium

  * Pillow 2.8.1 release.

 -- Matthias Klose <email address hidden>  Mon, 01 Jun 2015 19:15:59 +0200

Available diffs

Superseded in wily-release on 2015-06-02
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
pillow (2.7.0-1) experimental; urgency=medium


  * Pillow 2.7.0 release.
  * Stop building the sane package, not built anymore from this source.
  * Disable running the tests in debug mode for now, hangs the build.

 -- Matthias Klose <email address hidden>  Thu, 26 Feb 2015 14:29:15 +0100

Available diffs

Superseded in vivid-release on 2015-02-27
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
pillow (2.6.1-1) unstable; urgency=medium


  * Pillow 2.6.1 release.
  * Update jpeg build dependency. Closes: #763491.

 -- Matthias Klose <email address hidden>  Mon, 13 Oct 2014 20:30:42 +0200

Available diffs

Superseded in utopic-release on 2014-10-14
Deleted in utopic-proposed on 2014-10-15 (Reason: moved to release)
pillow (2.6.0-1) unstable; urgency=medium


  * Pillow 2.6.0 release.
  * Add test images missing in the release.

 -- Matthias Klose <email address hidden>  Thu, 02 Oct 2014 14:23:21 +0200

Available diffs

Superseded in utopic-release on 2014-10-06
Deleted in utopic-proposed on 2014-10-07 (Reason: moved to release)
pillow (2.6.0~rc1-1) unstable; urgency=medium


  * Pillow 2.6.0 release candidate 1.
    - Provides distributable test image files. Closes: #760171.
    - Fix comparing an Image to anything that's not an image. Closes: #758927.

 -- Matthias Klose <email address hidden>  Tue, 30 Sep 2014 12:13:58 +0200

Available diffs

Superseded in utopic-release on 2014-10-03
Deleted in utopic-proposed on 2014-10-04 (Reason: moved to release)
pillow (2.5.3-1) unstable; urgency=medium


  * Pillow 2.5.3 release.
    - Fix CVE-2014-3589, a DOS in the IcnsImagePlugin. Closes: #758772.
    - Fix CVE-2014-3598, a DOS in the Jpeg2KImagePlugin.
  * Build-Depend on dh-python.

 -- Matthias Klose <email address hidden>  Thu, 21 Aug 2014 08:56:15 +0200

Available diffs

Superseded in utopic-release on 2014-08-21
Deleted in utopic-proposed on 2014-08-22 (Reason: moved to release)
pillow (2.5.1-6) unstable; urgency=medium


  * Allow stderr output for the upstream autopkg tests.

 -- Matthias Klose <email address hidden>  Fri, 15 Aug 2014 00:15:29 +0200
Superseded in utopic-proposed on 2014-08-15
pillow (2.5.1-5) unstable; urgency=medium


  * Add python-nose, python3-nose to the autopkg test dependencies.

 -- Matthias Klose <email address hidden>  Wed, 13 Aug 2014 13:10:39 +0200

Available diffs

Superseded in utopic-proposed on 2014-08-13
pillow (2.5.1-4) unstable; urgency=medium


  * Run the tests sequentially, and increase the timeout.

 -- Matthias Klose <email address hidden>  Mon, 11 Aug 2014 19:20:32 +0200

Available diffs

Superseded in utopic-proposed on 2014-08-12
pillow (2.5.1-2) unstable; urgency=medium


  * Update autopkg tests for 2.5.

 -- Matthias Klose <email address hidden>  Sun, 10 Aug 2014 13:14:26 +0200

Available diffs

Superseded in utopic-proposed on 2014-08-11
pillow (2.5.1-1) unstable; urgency=medium


  * Pillow 2.5.1 release.

 -- Matthias Klose <email address hidden>  Thu, 17 Jul 2014 23:43:18 +0200
175 of 88 results