Publishing details
Changelog
pillow (7.2.0-1ubuntu0.3+20.04.sav3) focal; urgency=medium
* New security updates from Ubuntu 7.0.0-4ubuntu0.8 package (rebased):
* SECURITY UPDATE: DoS in ImageFont via large textlength
- debian/patches/CVE-2023-44271.patch: added a maximum string length in
Tests/test_imagefont.py, docs/reference/ImageFont.rst,
src/PIL/ImageFont.py.
- CVE-2023-44271
* SECURITY UPDATE: PIL.ImageMath.eval Arbitrary Code Execution
- debian/patches/CVE-2023-50447-1.patch: don't allow __ or builtins in
env dictionarys for ImageMath.eval in src/PIL/ImageMath.py.
- debian/patches/CVE-2023-50447-2.patch: allow ops in
Tests/test_imagemath.py, src/PIL/ImageMath.py.
- debian/patches/CVE-2023-50447-3.patch: include further builtins in
Tests/test_imagemath.py, src/PIL/ImageMath.py.
- CVE-2023-50447
[ patches thanks to Marc Deslauriers <email address hidden> ]
-- Rob Savoury <email address hidden> Sun, 03 Mar 2024 10:15:47 -0800
Builds
Built packages
-
python-pil-doc
Examples for the Python Imaging Library
-
python3-pil
Python Imaging Library (Python3)
-
python3-pil-dbg
Python Imaging Library (Python3 debug extension)
-
python3-pil.imagetk
Python Imaging Library - ImageTk Module (Python3)
-
python3-pil.imagetk-dbg
Python Imaging Library - ImageTk Module (Python3 debug extension)
Package files