[ubuntu/trusty-updates] pillow 2.3.0-1ubuntu3.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Sep 27 20:28:12 UTC 2016
pillow (2.3.0-1ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: buffer overflow in ImagingFliDecode()
- debian/patches/pillow-CVE-2016-0775.patch: correct memcpy location
- Thanks to Eric Soroos for finding and fixing this issue.
- CVE-2016-0775
* SECURITY UPDATE: buffer overflow in ImagingLibTiffDecode
- debian/patches/pillow-CVE-2016-0740.patch: correct type of size to
match that returned by libtiff
- Thanks to Eric Soroos for finding and fixing this issue.
- CVE-2016-0740
* SECURITY UPDATE: PCD decoder overruns the shuffle buffer
- debian/patches/pillow-CVE-2016-2533.patch: correct size adjustments
- CVE-2016-2533
* SECURITY-UPDATE: Icns DOS fix
- debian/patches/pillow-CVE-2014-3589.patch: Icns DOS fix
- Thanks to Andrew Drake for reporting this issue.
- CVE-2014-3589
* SECURITY-UPDATE: Fix potential PNG decompression DOS
- debian/patches/pillow-CVE-2014-9601.patch: Fix PNG decompresson DOS
- CVE-2014-9601
Date: 2016-09-26 23:36:15.167623+00:00
Changed-By: Emily Ratliff <emily.ratliff at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/pillow/2.3.0-1ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list