[ubuntu/focal-security] pillow 7.0.0-4ubuntu0.4 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed May 19 13:46:38 UTC 2021


pillow (7.0.0-4ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: OOB read in Jpeg2KDecode
    - debian/patches/CVE-2021-25287_8.patch: handle different widths for
      each band in src/libImaging/Jpeg2KDecode.c.
    - CVE-2021-25287
    - CVE-2021-25288
  * SECURITY UPDATE: DOS in PsdImagePlugin
    - debian/patches/CVE-2021-28675.patch: sanity check the number of
      input layers in Tests/test_decompression_bomb.py,
      Tests/test_file_apng.py, Tests/test_file_blp.py,
      Tests/test_file_tiff.py, src/PIL/ImageFile.py,
      src/PIL/PsdImagePlugin.py.
    - CVE-2021-28675
  * SECURITY UPDATE: FLI DOS
    - debian/patches/CVE-2021-28676.patch: check the block advance in
      src/libImaging/FliDecode.c.
    - CVE-2021-28676
  * SECURITY UPDATE: EPS DOS on _open
    - debian/patches/CVE-2021-28677.patch: properly handle line endings in
      src/PIL/EpsImagePlugin.py.
    - CVE-2021-28677
  * SECURITY UPDATE: BLP DOS
    - debian/patches/CVE-2021-28678.patch: check that reads return data in
      src/PIL/BlpImagePlugin.py.
    - CVE-2021-28678

Date: 2021-05-18 13:08:31.489964+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.4