Format: 1.8 Date: Wed, 10 Mar 2021 12:41:13 -0500 Source: pillow Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg Architecture: arm64 Version: 7.2.0-1ubuntu0.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) Changes: pillow (7.2.0-1ubuntu0.2) groovy-security; urgency=medium . * SECURITY UPDATE: insufficient fix for CVE-2020-35654 - debian/patches/CVE-2021-25289.patch: improve return code check in src/libImaging/TiffDecode.c. - CVE-2021-25289 * SECURITY UPDATE: negative-offset memcpy with an invalid size - debian/patches/CVE-2021-25290.patch: add extra check to src/libImaging/TiffDecode.c. - CVE-2021-25290 * SECURITY UPDATE: invalid tile boundaries could lead to an OOB Read - debian/patches/CVE-2021-25291.patch: check tile validity in src/libImaging/TiffDecode.c. - CVE-2021-25291 * SECURITY UPDATE: DoS via backtrack regex - debian/patches/CVE-2021-25292.patch: use more specific regex in src/PIL/PdfParser.py. - CVE-2021-25292 * SECURITY UPDATE: Out of Bounds Read - debian/patches/CVE-2021-25293.patch: add more checks to src/libImaging/SgiRleDecode.c. - CVE-2021-25293 * SECURITY UPDATE: DoS via invalid reported size - debian/patches/CVE-2021-2792x.patch: check reported sizes in src/PIL/BlpImagePlugin.py, src/PIL/IcnsImagePlugin.py, src/PIL/IcoImagePlugin.py. - CVE-2021-27921 - CVE-2021-27922 - CVE-2021-27923 Checksums-Sha1: b6a9f88dfeb1b0acce842bf7cc37ba5f3058f377 11805 pillow_7.2.0-1ubuntu0.2_arm64.buildinfo 42b7d7db62a04e5cf38221ad84c9469a8ee697c5 1098040 python3-pil-dbg_7.2.0-1ubuntu0.2_arm64.deb 1dd17bdac64f53081e22af66a128f5239a4d7c2b 26652 python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_arm64.deb c33138e55fc4ee961c7ccaad8fabb9283cae8df8 9040 python3-pil.imagetk_7.2.0-1ubuntu0.2_arm64.deb 6820b4dd07f13bd71ca642ea93c661c879c360da 355592 python3-pil_7.2.0-1ubuntu0.2_arm64.deb Checksums-Sha256: d22d93e4a7268d334c8a19ca859f116ad77a8d1c51faeb9c5ebd578c769a96f4 11805 pillow_7.2.0-1ubuntu0.2_arm64.buildinfo 5713e01355783b9c5177b7ddce0f5470ae841f8d170ef2ebbf601f2623bbf546 1098040 python3-pil-dbg_7.2.0-1ubuntu0.2_arm64.deb 5daf24cfbc69cf295577f61eff9fcf15f2bdc6a30abf22cc39bb5316fcbff236 26652 python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_arm64.deb f71af1ae745b37d34b04ca50423d5cefc5a0c9b097126dd00c5e134e68a1efd3 9040 python3-pil.imagetk_7.2.0-1ubuntu0.2_arm64.deb 347f88b46b40573b3ca75ae1252abc4d0b4b673190e30bbd860ec57770427a28 355592 python3-pil_7.2.0-1ubuntu0.2_arm64.deb Files: 0e6caa51a9c487023b6c985231d46ec4 11805 python optional pillow_7.2.0-1ubuntu0.2_arm64.buildinfo 772585f63303d72b3562045af1f9e0be 1098040 debug optional python3-pil-dbg_7.2.0-1ubuntu0.2_arm64.deb c63c100b4dfcdbb6d577e4dd8d9d8260 26652 debug optional python3-pil.imagetk-dbg_7.2.0-1ubuntu0.2_arm64.deb 30019bc66c72de0e33c0f6d40efc5339 9040 python optional python3-pil.imagetk_7.2.0-1ubuntu0.2_arm64.deb 3b50036bd2b18f1a5331005c5a68e125 355592 python optional python3-pil_7.2.0-1ubuntu0.2_arm64.deb Original-Maintainer: Matthias Klose