[ubuntu/trusty-security] pillow 2.3.0-1ubuntu3.2 (Accepted)

Emily Ratliff emily.ratliff at canonical.com
Tue Sep 27 19:29:19 UTC 2016


pillow (2.3.0-1ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ImagingFliDecode()
    - debian/patches/pillow-CVE-2016-0775.patch: correct memcpy location
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0775
  * SECURITY UPDATE: buffer overflow in ImagingLibTiffDecode
    - debian/patches/pillow-CVE-2016-0740.patch: correct type of size to
      match that returned by libtiff
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0740
  * SECURITY UPDATE: PCD decoder overruns the shuffle buffer
    - debian/patches/pillow-CVE-2016-2533.patch: correct size adjustments
    - CVE-2016-2533
  * SECURITY-UPDATE: Icns DOS fix
    - debian/patches/pillow-CVE-2014-3589.patch: Icns DOS fix
    - Thanks to Andrew Drake for reporting this issue.
    - CVE-2014-3589
  * SECURITY-UPDATE: Fix potential PNG decompression DOS
    - debian/patches/pillow-CVE-2014-9601.patch: Fix PNG decompression DOS
    - CVE-2014-9601

Date: 2016-09-26 23:36:15.167623+00:00
Changed-By: Emily Ratliff <emily.ratliff at canonical.com>
https://launchpad.net/ubuntu/+source/pillow/2.3.0-1ubuntu3.2