Publishing details

Published on 2024-03-03

Changelog

pillow (7.2.0-1ubuntu0.3+20.04.sav3) focal; urgency=medium

  * New security updates from Ubuntu 7.0.0-4ubuntu0.8 package (rebased):

  * SECURITY UPDATE: DoS in ImageFont via large textlength
    - debian/patches/CVE-2023-44271.patch: added a maximum string length in
      Tests/test_imagefont.py, docs/reference/ImageFont.rst,
      src/PIL/ImageFont.py.
    - CVE-2023-44271
  * SECURITY UPDATE: PIL.ImageMath.eval Arbitrary Code Execution
    - debian/patches/CVE-2023-50447-1.patch: don't allow __ or builtins in
      env dictionarys for ImageMath.eval in src/PIL/ImageMath.py.
    - debian/patches/CVE-2023-50447-2.patch: allow ops in
      Tests/test_imagemath.py, src/PIL/ImageMath.py.
    - debian/patches/CVE-2023-50447-3.patch: include further builtins in
      Tests/test_imagemath.py, src/PIL/ImageMath.py.
    - CVE-2023-50447
  [ patches thanks to Marc Deslauriers <email address hidden> ]

 -- Rob Savoury <email address hidden>  Sun, 03 Mar 2024 10:15:47 -0800

Available diffs

diff from 7.2.0-1ubuntu0.3+20.04.sav2 to 7.2.0-1ubuntu0.3+20.04.sav3 (4.0 KiB)

Builds

amd64

Built packages

python-pil-doc Examples for the Python Imaging Library

python3-pil Python Imaging Library (Python3)

python3-pil-dbg Python Imaging Library (Python3 debug extension)

python3-pil.imagetk Python Imaging Library - ImageTk Module (Python3)

python3-pil.imagetk-dbg Python Imaging Library - ImageTk Module (Python3 debug extension)

Package files

pillow_7.2.0-1ubuntu0.3+20.04.sav3.debian.tar.xz (40.4 KiB)
pillow_7.2.0-1ubuntu0.3+20.04.sav3.dsc (2.5 KiB)
pillow_7.2.0.orig.tar.xz (32.0 MiB)
python-pil-doc_7.2.0-1ubuntu0.3+20.04.sav3_all.deb (587.1 KiB)
python3-pil-dbg_7.2.0-1ubuntu0.3+20.04.sav3_amd64.deb (1.2 MiB)
python3-pil.imagetk-dbg_7.2.0-1ubuntu0.3+20.04.sav3_amd64.deb (35.1 KiB)
python3-pil.imagetk_7.2.0-1ubuntu0.3+20.04.sav3_amd64.deb (70.9 KiB)
python3-pil_7.2.0-1ubuntu0.3+20.04.sav3_amd64.deb (420.2 KiB)