-
pillow (10.0.0-1ubuntu0.2) mantic-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in imagingcms.c
- debian/patches/CVE-2024-28219.patch: Use strncpy
to avoid buffer overflow
- CVE-2024-28219
-- Nick Galanis <email address hidden> Mon, 15 Apr 2024 14:52:02 +0100
-
pillow (10.0.0-1ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: PIL.ImageMath.eval Arbitrary Code Execution
- debian/patches/CVE-2023-50447-1.patch: don't allow __ or builtins in
env dictionaries for ImageMath.eval in src/PIL/ImageMath.py.
- debian/patches/CVE-2023-50447-2.patch: allow ops in
Tests/test_imagemath.py, src/PIL/ImageMath.py.
- debian/patches/CVE-2023-50447-3.patch: include further builtins in
Tests/test_imagemath.py, src/PIL/ImageMath.py.
- CVE-2023-50447
-- Marc Deslauriers <email address hidden> Thu, 25 Jan 2024 10:02:07 -0500
-
pillow (10.0.0-1) unstable; urgency=medium
* New upstream version.
-- Matthias Klose <email address hidden> Wed, 05 Jul 2023 18:58:54 +0200
-
pillow (9.5.0-1) unstable; urgency=medium
* New upstream version.
* Bump standards version.
* debian/patches/pkg-config-multiarch.diff: Remove, applied upstream.
-- Matthias Klose <email address hidden> Mon, 12 Jun 2023 09:30:20 +0200
-
pillow (9.4.0-1.1build1) lunar; urgency=medium
* Rebuild against latest tiff
-- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 14:40:34 -0500