Ubuntu
pillow package

Change logs for pillow source package in Jammy

  1. Jammy (22.04)
  2. Change log 
  • pillow (9.0.1-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in imagingcms.c
    - debian/patches/CVE-2024-28219.patch: Use strncpy
    to avoid buffer overflow
    - CVE-2024-28219

 -- Nick Galanis <email address hidden>  Mon, 15 Apr 2024 13:00:29 +0100
  • pillow (9.0.1-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS in ImageFont via large textlength
    - debian/patches/CVE-2023-44271.patch: added a maximum string length in
      Tests/test_imagefont.py, docs/reference/ImageFont.rst,
      src/PIL/ImageFont.py.
    - CVE-2023-44271
  * SECURITY UPDATE: PIL.ImageMath.eval Arbitrary Code Execution
    - debian/patches/CVE-2023-50447-1.patch: don't allow __ or builtins in
      env dictionarys for ImageMath.eval in src/PIL/ImageMath.py.
    - debian/patches/CVE-2023-50447-2.patch: allow ops in
      Tests/test_imagemath.py, src/PIL/ImageMath.py.
    - debian/patches/CVE-2023-50447-3.patch: include further builtins in
      Tests/test_imagemath.py, src/PIL/ImageMath.py.
    - CVE-2023-50447

 -- Marc Deslauriers <email address hidden>  Thu, 25 Jan 2024 10:10:10 -0500
  • pillow (9.0.1-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: gif decompression bomb issue
    - debian/patches/CVE-2022-45198.patch: Added GIF decompression bomb check
      in src/PIL/GifImagePlugin.py.
    - CVE-2022-45198

 -- Fabian Toepfer <email address hidden>  Mon, 12 Dec 2022 20:51:28 +0100
  • pillow (9.0.1-1build1) jammy; urgency=medium

  * No-change rebuild with Python 3.10 only.

 -- Matthias Klose <email address hidden>  Thu, 17 Mar 2022 18:50:53 +0100
  • pillow (9.0.1-1) unstable; urgency=medium

  * New upstream version.
  * Fix documentation build error with Python 3.10 (Heinrich Schuchardt).

 -- Matthias Klose <email address hidden>  Fri, 18 Feb 2022 01:07:13 +0100
  • pillow (9.0.0-1ubuntu1) jammy; urgency=medium

  * Fix documentation build error (LP: #1960263)

 -- Heinrich Schuchardt <email address hidden>  Tue, 15 Feb 2022 10:13:08 +0100
  • pillow (9.0.0-1build1) jammy; urgency=medium

  * No-change rebuild against latest libwebp

 -- Jeremy Bicha <email address hidden>  Tue, 01 Feb 2022 09:26:48 -0500
  • pillow (9.0.0-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Mon, 10 Jan 2022 10:52:08 +0100
  • pillow (8.4.0-1) unstable; urgency=medium

  * New upstream version.

 -- Matthias Klose <email address hidden>  Thu, 25 Nov 2021 13:17:45 +0100
  • pillow (8.3.2-1) unstable; urgency=medium

  * New upstream version.
  * Bump standards version.

 -- Matthias Klose <email address hidden>  Mon, 11 Oct 2021 15:35:03 +0200
  • pillow (8.1.2+dfsg-0.3build1) jammy; urgency=medium

  * No-change rebuild to add python3.10.

 -- Matthias Klose <email address hidden>  Sat, 16 Oct 2021 21:59:13 +0200
  • pillow (8.1.2+dfsg-0.3) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix "CVE-2021-34552 - buffer overflow in Convert.c. Replace sprintf with
    snprintf. Backport upstream change from 8.3 to 8.1. (Closes: #991293)

 -- Neil Williams <email address hidden>  Tue, 20 Jul 2021 06:42:31 +0100