Format: 1.8
Date: Mon, 03 Feb 2020 14:50:52 -0300
Source: pillow
Binary: python-pil python-pil-dbg python-pil-doc python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
Architecture: amd64 all
Version: 6.1.0-1ubuntu0.2
Distribution: eoan
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Leonidas S. Barbosa
Description:
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (6.1.0-1ubuntu0.2) eoan-security; urgency=medium
 .
   * SECURITY UPDATE: Exceed memory amount and delay in process image
     - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
       PIL/PsdImagePlugin.py, Added decompression bomb checks in
       PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer
       overruns in libImaging/PcxDecode.c, libImaging/FliDecode.c and
       added some tests in Tests/images/*.
     - CVE-2019-16865
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-19911.patch: Raise an error for an invalid
       number of bands in FPX image in PIL/FpxImagePlugin.py and added
       some tests in Test/images/*.
     - CVE-2019-19911
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2020-5310.patch: Overflow checks for realloc
       for tiff decoding in src/libImaging/TiffDecode.c and added tests
       in Test/images/*.
     - CVE-2020-5310
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5311.patch: catch SGI buffer overruns in
       src/libImaging/SgiRleDecode.c.
     - CVE-2020-5311
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
       in libImaging/PcxDecode.c and added some tests in Test/images/*.
     - CVE-2020-5312
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
       libImaging/FliDecode.c and added some tests in Test/images/*.
     - CVE-2020-5313
Original-Maintainer: Matthias Klose