-
pillow (9.0.1-1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in imagingcms.c
- debian/patches/CVE-2024-28219.patch: Use strncpy
to avoid buffer overflow
- CVE-2024-28219
-- Nick Galanis <email address hidden> Mon, 15 Apr 2024 13:00:29 +0100
-
pillow (9.0.1-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: DoS in ImageFont via large textlength
- debian/patches/CVE-2023-44271.patch: added a maximum string length in
Tests/test_imagefont.py, docs/reference/ImageFont.rst,
src/PIL/ImageFont.py.
- CVE-2023-44271
* SECURITY UPDATE: PIL.ImageMath.eval Arbitrary Code Execution
- debian/patches/CVE-2023-50447-1.patch: don't allow __ or builtins in
env dictionaries for ImageMath.eval in src/PIL/ImageMath.py.
- debian/patches/CVE-2023-50447-2.patch: allow ops in
Tests/test_imagemath.py, src/PIL/ImageMath.py.
- debian/patches/CVE-2023-50447-3.patch: include further builtins in
Tests/test_imagemath.py, src/PIL/ImageMath.py.
- CVE-2023-50447
-- Marc Deslauriers <email address hidden> Thu, 25 Jan 2024 10:10:10 -0500
-
pillow (9.0.1-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: gif decompression bomb issue
- debian/patches/CVE-2022-45198.patch: Added GIF decompression bomb check
in src/PIL/GifImagePlugin.py.
- CVE-2022-45198
-- Fabian Toepfer <email address hidden> Mon, 12 Dec 2022 20:51:28 +0100
-
pillow (9.0.1-1build1) jammy; urgency=medium
* No-change rebuild with Python 3.10 only.
-- Matthias Klose <email address hidden> Thu, 17 Mar 2022 18:50:53 +0100
-
pillow (9.0.1-1) unstable; urgency=medium
* New upstream version.
* Fix documentation build error with Python 3.10 (Heinrich Schuchardt).
-- Matthias Klose <email address hidden> Fri, 18 Feb 2022 01:07:13 +0100
-
pillow (9.0.0-1ubuntu1) jammy; urgency=medium
* Fix documentation build error (LP: #1960263)
-- Heinrich Schuchardt <email address hidden> Tue, 15 Feb 2022 10:13:08 +0100
-
pillow (9.0.0-1build1) jammy; urgency=medium
* No-change rebuild against latest libwebp
-- Jeremy Bicha <email address hidden> Tue, 01 Feb 2022 09:26:48 -0500
-
pillow (9.0.0-1) unstable; urgency=medium
* New upstream version.
-- Matthias Klose <email address hidden> Mon, 10 Jan 2022 10:52:08 +0100
-
pillow (8.4.0-1) unstable; urgency=medium
* New upstream version.
-- Matthias Klose <email address hidden> Thu, 25 Nov 2021 13:17:45 +0100
-
pillow (8.3.2-1) unstable; urgency=medium
* New upstream version.
* Bump standards version.
-- Matthias Klose <email address hidden> Mon, 11 Oct 2021 15:35:03 +0200
-
pillow (8.1.2+dfsg-0.3build1) jammy; urgency=medium
* No-change rebuild to add python3.10.
-- Matthias Klose <email address hidden> Sat, 16 Oct 2021 21:59:13 +0200
-
pillow (8.1.2+dfsg-0.3) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2021-34552 - buffer overflow in Convert.c. Replace sprintf with
snprintf. Backport upstream change from 8.3 to 8.1. (Closes: #991293)
-- Neil Williams <email address hidden> Tue, 20 Jul 2021 06:42:31 +0100