[ubuntu/groovy-updates] pillow 7.2.0-1ubuntu0.2 (Accepted)

[Ubuntu Archive Robot]

pillow (7.2.0-1ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: insufficient fix for CVE-2020-35654
    - debian/patches/CVE-2021-25289.patch: improve return code check in
      src/libImaging/TiffDecode.c.
    - CVE-2021-25289
  * SECURITY UPDATE: negative-offset memcpy with an invalid size
    - debian/patches/CVE-2021-25290.patch: add extra check to
      src/libImaging/TiffDecode.c.
    - CVE-2021-25290
  * SECURITY UPDATE: invalid tile boundaries could lead to an OOB Read
    - debian/patches/CVE-2021-25291.patch: check tile validity in
      src/libImaging/TiffDecode.c.
    - CVE-2021-25291
  * SECURITY UPDATE: DoS via backtrack regex
    - debian/patches/CVE-2021-25292.patch: use more specific regex in
      src/PIL/PdfParser.py.
    - CVE-2021-25292
  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2021-25293.patch: add more checks to
      src/libImaging/SgiRleDecode.c.
    - CVE-2021-25293
  * SECURITY UPDATE: DoS via invalid reported size
    - debian/patches/CVE-2021-2792x.patch: check reported sizes in
      src/PIL/BlpImagePlugin.py, src/PIL/IcnsImagePlugin.py,
      src/PIL/IcoImagePlugin.py.
    - CVE-2021-27921
    - CVE-2021-27922
    - CVE-2021-27923

Date: 2021-03-11 13:06:15.169652+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/pillow/7.2.0-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.