Format: 1.8 Date: Tue, 07 Jul 2020 13:35:30 -0400 Source: pillow Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc Architecture: i386 Version: 5.1.0-1ubuntu0.3 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-pil - Python Imaging Library (Pillow fork) python-pil-dbg - Python Imaging Library (debug extension) python-pil-doc - Examples for the Python Imaging Library python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork) python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension) python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) Changes: pillow (5.1.0-1ubuntu0.3) bionic-security; urgency=medium . * SECURITY UPDATE: multiple out of bounds reads - debian/patches/CVE-2020-10177-1.patch: fix issue in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-2.patch: refactor to macro in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-7.patch: fix comments in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-8.patch: additional FLI check in src/libImaging/FliDecode.c. - CVE-2020-10177 * SECURITY UPDATE: out of bounds read with PCX files - debian/patches/CVE-2020-10378.patch: fix OOB Access in src/libImaging/PcxDecode.c. - CVE-2020-10378 * SECURITY UPDATE: out-of-bounds read via JP2 file - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in src/libImaging/Jpeg2KDecode.c. - debian/patches/CVE-2020-10994-2.patch: fix typo in src/libImaging/Jpeg2KDecode.c. - CVE-2020-10994 * SECURITY UPDATE: out-of-bounds read via SGI file - debian/patches/CVE-2020-11538.patch: track number of pixels, not the number of runs in src/libImaging/SgiRleDecode.c. - CVE-2020-11538 Checksums-Sha1: c281667cfe9815be8506da795f50a00f4f0c95d7 12139 pillow_5.1.0-1ubuntu0.3_i386.buildinfo a8afd140102e6b5b7b11b328550e7428d4f617ac 485092 python-pil-dbg_5.1.0-1ubuntu0.3_i386.deb d15cbe1826342e1b5e50a303bb12ecb8921d4b89 25384 python-pil.imagetk-dbg_5.1.0-1ubuntu0.3_i386.deb 122ea0288d2c81d27aea09a6680834e49f62b254 8368 python-pil.imagetk_5.1.0-1ubuntu0.3_i386.deb 2389f26ddad7413365382994802e3e87c39d2fa8 297648 python-pil_5.1.0-1ubuntu0.3_i386.deb 7b3c355b6edce714bf789b3d84d10e75009a3149 900676 python3-pil-dbg_5.1.0-1ubuntu0.3_i386.deb b0ebb4297d535972573e45045c61cfba01a2df44 34436 python3-pil.imagetk-dbg_5.1.0-1ubuntu0.3_i386.deb 1be46d449b400e33ebdd8e661f1da31024c85949 8988 python3-pil.imagetk_5.1.0-1ubuntu0.3_i386.deb f4a352682afcc05e4d8a691342043349a3f5c7c0 332180 python3-pil_5.1.0-1ubuntu0.3_i386.deb Checksums-Sha256: a5cb4d9b59a03db37c72624ac37f645b6fdd17f8ad7529fff7e782bc410151db 12139 pillow_5.1.0-1ubuntu0.3_i386.buildinfo 3d86163f2b97fc2448d8cd8e847efa9278fea0083403759d7374f24046979008 485092 python-pil-dbg_5.1.0-1ubuntu0.3_i386.deb fa3f02e2ad81d52f3a578e4e55b943d60015408df7109c8ecc00c9ad3425fff4 25384 python-pil.imagetk-dbg_5.1.0-1ubuntu0.3_i386.deb dfbf5f80ac2a67fd165484c319fcefa1d2914d53824e0e8fb66db19709af265e 8368 python-pil.imagetk_5.1.0-1ubuntu0.3_i386.deb ee5efffeae4921022099a6651eb2758c25928684e372d722db2ace8d23dc1610 297648 python-pil_5.1.0-1ubuntu0.3_i386.deb bebb9a44fde6960a4ce9b89f4bd79214c80ab15cba739ba2b879f47e3787301a 900676 python3-pil-dbg_5.1.0-1ubuntu0.3_i386.deb 4790409a0c275330162dbb60d5397fd94b7f44904d12147ba8e4352a907ce714 34436 python3-pil.imagetk-dbg_5.1.0-1ubuntu0.3_i386.deb b6d2eb2e46dbee3fffbb0753530e782b1d5c816464c9739cd3c9b4838ba341f3 8988 python3-pil.imagetk_5.1.0-1ubuntu0.3_i386.deb af923351dc880e2b0329f21bddd29da536a8553423bfd0d37a86fa4da0a42f09 332180 python3-pil_5.1.0-1ubuntu0.3_i386.deb Files: 203ff234aaa529b0ce6fa8e24c699660 12139 python optional pillow_5.1.0-1ubuntu0.3_i386.buildinfo 7c3c8d2f2333ba91584935123f3c9b0f 485092 debug optional python-pil-dbg_5.1.0-1ubuntu0.3_i386.deb 73ba4dd14b2ed50d1bd2b6a845e87341 25384 debug optional python-pil.imagetk-dbg_5.1.0-1ubuntu0.3_i386.deb a4dc5246ee73ff365f5d1df83a18a1f1 8368 python optional python-pil.imagetk_5.1.0-1ubuntu0.3_i386.deb e94d79f1bec4378b7b454e4389843f53 297648 python optional python-pil_5.1.0-1ubuntu0.3_i386.deb 501774313f5dffbf31b50eb12d1f11e5 900676 debug optional python3-pil-dbg_5.1.0-1ubuntu0.3_i386.deb 24da073ad65883aa6cd03e853227c6bf 34436 debug optional python3-pil.imagetk-dbg_5.1.0-1ubuntu0.3_i386.deb c9b6f33ffa556e45c19b68ee2844ac11 8988 python optional python3-pil.imagetk_5.1.0-1ubuntu0.3_i386.deb 82fa60b9ce7a1bb5242e91a402986426 332180 python optional python3-pil_5.1.0-1ubuntu0.3_i386.deb Original-Maintainer: Matthias Klose