[ubuntu/focal-security] pillow 7.0.0-4ubuntu0.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 19 13:46:38 UTC 2021
pillow (7.0.0-4ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: OOB read in Jpeg2KDecode
    - debian/patches/CVE-2021-25287_8.patch: handle different widths for
      each band in src/libImaging/Jpeg2KDecode.c.
    - CVE-2021-25287
    - CVE-2021-25288
  * SECURITY UPDATE: DOS in PsdImagePlugin
    - debian/patches/CVE-2021-28675.patch: sanity check the number of
      input layers in Tests/test_decompression_bomb.py,
      Tests/test_file_apng.py, Tests/test_file_blp.py,
      Tests/test_file_tiff.py, src/PIL/ImageFile.py,
      src/PIL/PsdImagePlugin.py.
    - CVE-2021-28675
  * SECURITY UPDATE: FLI DOS
    - debian/patches/CVE-2021-28676.patch: check the block advance in
      src/libImaging/FliDecode.c.
    - CVE-2021-28676
  * SECURITY UPDATE: EPS DOS on _open
    - debian/patches/CVE-2021-28677.patch: properly handle line endings in
      src/PIL/EpsImagePlugin.py.
    - CVE-2021-28677
  * SECURITY UPDATE: BLP DOS
    - debian/patches/CVE-2021-28678.patch: check that reads return data in
      src/PIL/BlpImagePlugin.py.
    - CVE-2021-28678
Date: 2021-05-18 13:08:31.489964+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.4