Format: 1.8
Date: Thu, 25 Jan 2024 12:48:42 -0500
Source: pillow
Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
Architecture: riscv64
Version: 7.0.0-4ubuntu0.8
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos03-riscv64-022.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (7.0.0-4ubuntu0.8) focal-security; urgency=medium
 .
   * SECURITY UPDATE: DoS in ImageFont via large textlength
     - debian/patches/CVE-2023-44271.patch: added a maximum string length in
       Tests/test_imagefont.py, docs/reference/ImageFont.rst,
       src/PIL/ImageFont.py.
     - CVE-2023-44271
   * SECURITY UPDATE: PIL.ImageMath.eval Arbitrary Code Execution
     - debian/patches/CVE-2023-50447-1.patch: don't allow __ or builtins in
       env dictionarys for ImageMath.eval in src/PIL/ImageMath.py.
     - debian/patches/CVE-2023-50447-2.patch: allow ops in
       Tests/test_imagemath.py, src/PIL/ImageMath.py.
     - debian/patches/CVE-2023-50447-3.patch: include further builtins in
       Tests/test_imagemath.py, src/PIL/ImageMath.py.
     - CVE-2023-50447
Checksums-Sha1:
 6b1348306f4f1ceea6a01084f5d0c0ef5a0f9106 11962 pillow_7.0.0-4ubuntu0.8_riscv64.buildinfo
 75550656c13c56e94bbdea093289fbc0a276a7c8 1192188 python3-pil-dbg_7.0.0-4ubuntu0.8_riscv64.deb
 123626c1982c926c8f7a84b44a69209babe2be40 35264 python3-pil.imagetk-dbg_7.0.0-4ubuntu0.8_riscv64.deb
 dc1deb7c371fa25bd9a0c9a24abb1c94a3df656a 8092 python3-pil.imagetk_7.0.0-4ubuntu0.8_riscv64.deb
 59336af60b128ab9227d4b2b4e846d7c7b7037e1 356364 python3-pil_7.0.0-4ubuntu0.8_riscv64.deb
Checksums-Sha256:
 b33ab1c79308999c8fc89eceaf1b0e756c1406397513d7a0cf2b10edade769ee 11962 pillow_7.0.0-4ubuntu0.8_riscv64.buildinfo
 a28352958745f898119a5c50987ae93013569b9fd1db8d58e85398869f6e4ee7 1192188 python3-pil-dbg_7.0.0-4ubuntu0.8_riscv64.deb
 8edc4e57cd130d64c21c3aba9355ff16b9cdad96701969a23df7f17d4d2d9311 35264 python3-pil.imagetk-dbg_7.0.0-4ubuntu0.8_riscv64.deb
 80e1902d63946c247699172da08933b3c828f9e6258e6f0fae77b796466cf75e 8092 python3-pil.imagetk_7.0.0-4ubuntu0.8_riscv64.deb
 7817679b168a4ad11c774f49671bf8af7da2782e1dab830ad0e577c435066332 356364 python3-pil_7.0.0-4ubuntu0.8_riscv64.deb
Files:
 bfe15346dbda8e837263dca261d5ea5b 11962 python optional pillow_7.0.0-4ubuntu0.8_riscv64.buildinfo
 2636df5c9668ed96ba7e84c4c53e57ca 1192188 debug optional python3-pil-dbg_7.0.0-4ubuntu0.8_riscv64.deb
 507d368bda5d9a57d3377172fc4c189c 35264 debug optional python3-pil.imagetk-dbg_7.0.0-4ubuntu0.8_riscv64.deb
 0ca163fa314ae610711c0deb4bc373e9 8092 python optional python3-pil.imagetk_7.0.0-4ubuntu0.8_riscv64.deb
 450a49b10baca928267df6266228e06c 356364 python optional python3-pil_7.0.0-4ubuntu0.8_riscv64.deb
Original-Maintainer: Matthias Klose <doko@debian.org>