Format: 1.8
Date: Tue, 07 Jul 2020 13:14:10 -0400
Source: pillow
Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
Architecture: s390x
Version: 7.0.0-4ubuntu1
Distribution: groovy-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (7.0.0-4ubuntu1) groovy; urgency=medium
 .
   * SECURITY UPDATE: multiple out of bounds reads
     - debian/patches/CVE-2020-10177-1.patch: fix issue in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
       in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-7.patch: fix comments in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
       src/libImaging/FliDecode.c.
     - CVE-2020-10177
   * SECURITY UPDATE: out of bounds read with PCX files
     - debian/patches/CVE-2020-10378.patch: fix OOB Access in
       src/libImaging/PcxDecode.c.
     - CVE-2020-10378
   * SECURITY UPDATE: two buffer overflows
     - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
       Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
       src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-3.patch: fix typos in
       src/libImaging/TiffDecode.c.
     - CVE-2020-10379
   * SECURITY UPDATE: out-of-bounds read via JP2 file
     - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
       src/libImaging/Jpeg2KDecode.c.
     - debian/patches/CVE-2020-10994-2.patch: fix typo in
       src/libImaging/Jpeg2KDecode.c.
     - CVE-2020-10994
   * SECURITY UPDATE: out-of-bounds read via SGI file
     - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
       number of runs in src/libImaging/SgiRleDecode.c.
     - CVE-2020-11538
Original-Maintainer: Matthias Klose