pillow (3.1.2-0ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: negative-offset memcpy with an invalid size
    - debian/patches/CVE-2021-25290.patch: add extra check to
      libImaging/TiffDecode.c.
    - CVE-2021-25290
  * SECURITY UPDATE: DoS via invalid reported size
    - debian/patches/CVE-2021-2792x.patch: check reported sizes in
      PIL/IcnsImagePlugin.py, PIL/IcoImagePlugin.py.
    - CVE-2021-27922
    - CVE-2021-27923

 -- Marc Deslauriers <email address hidden> Thu, 11 Mar 2021 07:51:05 -0500

pillow (3.1.2-0ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in PIL/PcxImagePlugin.py, removed failing test in
      Tests/test_image.py.
    - CVE-2020-35653

 -- Marc Deslauriers <email address hidden> Wed, 13 Jan 2021 10:51:58 -0500

pillow (3.1.2-0ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
      in src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
      src/libImaging/FliDecode.c.
    - CVE-2020-10177
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
      src/libImaging/PcxDecode.c.
    - CVE-2020-10378
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
      src/libImaging/Jpeg2KDecode.c.
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
      src/libImaging/Jpeg2KDecode.c.
    - CVE-2020-10994

 -- Marc Deslauriers <email address hidden> Tue, 07 Jul 2020 13:43:43 -0400

pillow (3.1.2-0ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Exceed memory amount and delay in process image
    - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
      PIL/PsdImagePlugin.py, Added decompression bomb checks in
      PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
      in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
      in Tests/images/*.
    - CVE-2019-16865
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-19911.patch: Raise an error for an invalid
      number of bands in FPX image in PIL/FpxImagePlugin.py.
    - CVE-2019-19911
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
      in libImaging/PcxDecode.c.
    - CVE-2020-5312
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
      libImaging/FliDecode.c.
    - CVE-2020-5313
  * Fix decompression tests that failed
    - debian/patches/Fixing_decompression_test.patch: Tests/test_decompression.py.

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 30 Jan 2020 17:15:56 -0300

pillow (3.1.2-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - debian/patches/CVE-2016-9189.patch: add overflow checks to map.c.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - debian/patches/CVE-2016-9190.patch: add size check to
      libImaging/Storage.c, add test to Tests/images/negative_size.ppm,
      Tests/test_file_ppm.py.
    - CVE-2016-9190

 -- Marc Deslauriers <email address hidden> Fri, 10 Mar 2017 08:09:36 -0500

pillow (3.1.2-0ubuntu1) xenial; urgency=medium

  * Pillow 3.1.2 release.
    - CVE-2016-3076: Fix an integer overflow in Jpeg2KEncode.c causing a
      buffer overflow.

 -- Matthias Klose <email address hidden> Sat, 16 Apr 2016 17:54:58 +0200

pillow (3.1.1-1) unstable; urgency=medium

  * Pillow 3.1.1 release.
    - CVE-2016-0740: Fix buffer overflow in TiffDecode.c. Closes: #813905.
    - CVE-2016-0775: Fix buffer overflow in FliDecode.c. Closes: #813909.

 -- Matthias Klose <email address hidden> Wed, 10 Feb 2016 10:40:44 +0100

pillow (3.1.0-1) unstable; urgency=medium

  * Pillow 3.1.0 release.
  * Breaks rapid-photo-downloader (<< 0.4.11). Closes: #806976.
  * Breaks tilestache (<< 1.49.8-3). Closes: #808238.
  * Install upstream changelog. Closes: #805694.

 -- Matthias Klose <email address hidden> Tue, 19 Jan 2016 17:49:58 +0100

pillow (3.0.0-1build1) xenial; urgency=medium

  * No-change rebuild to drop python3.4 support.

 -- Matthias Klose <email address hidden> Tue, 19 Jan 2016 00:10:10 +0000

pillow (3.0.0-1) unstable; urgency=medium

  * Pillow 3.0.0 release.

 -- Matthias Klose <email address hidden> Mon, 30 Nov 2015 08:35:40 +0100

pillow (2.9.0-1) unstable; urgency=medium

  * Pillow 2.9.0 release.
  * d/rules: Don't add $DEB_HOST_MULTIARCH to SOABI for Python 3.5 since
    it's already included there. Closes: #790085.

 -- Matthias Klose <email address hidden> Wed, 12 Aug 2015 02:59:31 +0200