Change logs for pillow source package in Impish

  • pillow (8.1.2+dfsg-0.3ubuntu0.1) impish-security; urgency=medium
    
      * SECURITY UPDATE: regular expression DoS
        - debian/patches/CVE-2021-23437.patch: raise ValueError if color
          specifier is too long in Tests/test_imagecolor.py,
          src/PIL/ImageColor.py.
        - CVE-2021-23437
      * SECURITY UPDATE: improper initialization
        - debian/patches/CVE-2022-22815.patch: initialize coordinates to zero
          in Tests/test_imagepath.py, src/path.c.
        - CVE-2022-22815
      * SECURITY UPDATE: buffer over-read during initialization
        - debian/patches/CVE-2022-22816.patch: handle case where path count is
          zero in Tests/test_imagepath.py, src/path.c.
        - CVE-2022-22816
      * SECURITY UPDATE: evaluation of arbitrary expressions
        - debian/patches/CVE-2022-22817.patch: restrict builtins for
          ImageMath.eval in Tests/test_imagemath.py, src/PIL/ImageMath.py.
        - CVE-2022-22817
    
     -- Marc Deslauriers <email address hidden>  Wed, 12 Jan 2022 12:49:56 -0500
  • pillow (8.1.2+dfsg-0.3) unstable; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * Fix "CVE-2021-34552 - buffer overflow in Convert.c. Replace sprintf with
        snprintf. Backport upstream change from 8.3 to 8.1. (Closes: #991293)
    
     -- Neil Williams <email address hidden>  Tue, 20 Jul 2021 06:42:31 +0100
  • pillow (8.1.2+dfsg-0.2) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Cherry-pick security fixes from 8.2:
        - CVE-2021-25287 / CVE-2021-25288 / CVE-2021-28675 / CVE-2021-28676
          CVE-2021-28677 / CVE-2021-28678 (Closes: #989062)
    
     -- Moritz Muehlenhoff <email address hidden>  Sun, 13 Jun 2021 18:11:04 +0200
  • pillow (8.1.2+dfsg-0.1ubuntu1) impish; urgency=medium
    
      * SECURITY UPDATE: OOB read in Jpeg2KDecode
        - debian/patches/CVE-2021-25287_8.patch: handle different widths for
          each band in src/libImaging/Jpeg2KDecode.c.
        - CVE-2021-25287
        - CVE-2021-25288
      * SECURITY UPDATE: DOS in PsdImagePlugin
        - debian/patches/CVE-2021-28675.patch: sanity check the number of
          input layers in Tests/test_decompression_bomb.py,
          Tests/test_file_apng.py, Tests/test_file_blp.py,
          Tests/test_file_tiff.py, src/PIL/ImageFile.py,
          src/PIL/PsdImagePlugin.py.
        - CVE-2021-28675
      * SECURITY UPDATE: FLI DOS
        - debian/patches/CVE-2021-28676.patch: check the block advance in
          src/libImaging/FliDecode.c.
        - CVE-2021-28676
      * SECURITY UPDATE: EPS DOS on _open
        - debian/patches/CVE-2021-28677.patch: properly handle line endings in
          src/PIL/EpsImagePlugin.py.
        - CVE-2021-28677
      * SECURITY UPDATE: BLP DOS
        - debian/patches/CVE-2021-28678.patch: check that reads return data in
          src/PIL/BlpImagePlugin.py.
        - CVE-2021-28678
    
     -- Marc Deslauriers <email address hidden>  Tue, 18 May 2021 07:02:45 -0400
  • pillow (8.1.2+dfsg-0.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Repack for DFSG compliance and update d/copyright. Closes: #952899.
      * Update d/watch for +dfsg repack.
    
     -- Romain Porte <email address hidden>  Sat, 24 Apr 2021 15:51:24 +0200
  • pillow (8.1.2-1) unstable; urgency=high
    
      * New upstream version.
        - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922)
          and ICO (CVE-2021-27923) Image Plugins.
    
     -- Matthias Klose <email address hidden>  Tue, 09 Mar 2021 08:12:51 +0100