[ubuntu/focal-updates] pillow 7.0.0-4ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jul 23 11:28:08 UTC 2020 

pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
      in src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
      src/libImaging/FliDecode.c.
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
      src/libImaging/FliDecode.c.
    - CVE-2020-10177
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
      src/libImaging/PcxDecode.c.
    - CVE-2020-10378
  * SECURITY UPDATE: two buffer overflows
    - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
      Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
      src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-3.patch: fix typos in
      src/libImaging/TiffDecode.c.
    - CVE-2020-10379
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
      src/libImaging/Jpeg2KDecode.c.
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
      src/libImaging/Jpeg2KDecode.c.
    - CVE-2020-10994
  * SECURITY UPDATE: out-of-bounds read via SGI file
    - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
      number of runs in src/libImaging/SgiRleDecode.c.
    - CVE-2020-11538

Date: 2020-07-22 14:52:18.733280+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list