[ubuntu/questing-updates] pillow 11.3.0-1ubuntu1.3 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Jun 8 16:01:46 UTC 2026
pillow (11.3.0-1ubuntu1.3) questing-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large font advances
    - debian/patches/CVE-2026-42308.patch: Use long for glyph position in
      src/_imagingft.c.
    - CVE-2026-42308
  * SECURITY UPDATE: heap buffer overflow via recursive nested lists
    - debian/patches/CVE-2026-42309.patch: Reject non-numeric elements inside
      list coords in Tests/test_imagepath.py, src/path.c.
    - CVE-2026-42309
  * SECURITY UPDATE: DoS via malicious PDF
    - debian/patches/CVE-2026-42310.patch: Raise an error if the trailer chain
      loops back on itself in src/PIL/PdfParser.py.
    - CVE-2026-42310
  * SECURITY UPDATE: DoS or code exec via malicious PSD file
    - debian/patches/CVE-2026-42311-pre1.patch: Simplify `setimage()` by always
      passing extents in src/PIL/Image.py, src/decode.c, src/encode.c.
    - debian/patches/CVE-2026-42311-pre2.patch: Simplify setimage() in
      src/PIL/ImageFile.py.
    - debian/patches/CVE-2026-42311-pre3.patch: Allow None extents in C setimage
      in Tests/test_imagefile.py, src/decode.c, src/encode.c.
    - debian/patches/CVE-2026-42311-1.patch: Avoid overflow by not adding
      extents together in src/decode.c, src/encode.c.
    - debian/patches/CVE-2026-42311-2.patch: Copy offset check from C into
      Python in Tests/test_imagefile.py, src/PIL/ImageFile.py.
    - CVE-2026-42311
Date: 2026-06-04 19:58:11.153079+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/pillow/11.3.0-1ubuntu1.3