Format: 1.8
Date: Thu, 30 Jan 2020 17:15:56 -0300
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc python-imaging
Architecture: all amd64
Version: 3.1.2-0ubuntu1.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-013.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 python-imaging - Python Imaging Library compatibility layer
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (3.1.2-0ubuntu1.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Exceed memory amount and delay in process image
     - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
       PIL/PsdImagePlugin.py, Added decompression bomb checks in
       PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
       in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
       in Tests/images/*.
     - CVE-2019-16865
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-19911.patch:  Raise an error for an invalid
       number of bands in FPX image in PIL/FpxImagePlugin.py.
     - CVE-2019-19911
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
       in libImaging/PcxDecode.c.
     - CVE-2020-5312
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
       libImaging/FliDecode.c.
     - CVE-2020-5313
   * Fix decompression tests that failed
     - debian/patches/Fixing_decompression_test.patch: Tests/test_decompression.py.
Checksums-Sha1:
 24ffe2f67a3fa872313fcf6d909bd71c455b032a 4932 python-imaging_3.1.2-0ubuntu1.3_all.deb
 56fd09a97132ac63bbca48106ade8cd23be92764 447008 python-pil-dbg_3.1.2-0ubuntu1.3_amd64.deb
 4d9859b956aebc5a8eb9911c962223f4d3fd9be0 13982 python-pil-doc_3.1.2-0ubuntu1.3_all.deb
 32277a2c597ddfe72bba729c1c1a759e20c2f738 13304 python-pil.imagetk-dbg_3.1.2-0ubuntu1.3_amd64.deb
 89daaac598c6cc80eed77a5c764e7d63bd6a434e 7434 python-pil.imagetk_3.1.2-0ubuntu1.3_amd64.deb
 2db2d4d0d4b326ca7c8d4383957ba8681c8dc8ef 313046 python-pil_3.1.2-0ubuntu1.3_amd64.deb
 bef3092d0d21cc83cbb0fec5ff80291993052ba4 543376 python3-pil-dbg_3.1.2-0ubuntu1.3_amd64.deb
 91aefe70c143e073665017bc1f8a7594b2c3fd77 13716 python3-pil.imagetk-dbg_3.1.2-0ubuntu1.3_amd64.deb
 72aa7e5941e2f092d6a72b0e07f37a13db44c3dd 7528 python3-pil.imagetk_3.1.2-0ubuntu1.3_amd64.deb
 8440d0607d017060402c702c107e0bafdd80875c 313914 python3-pil_3.1.2-0ubuntu1.3_amd64.deb
Checksums-Sha256:
 a21612cacc52606a7162cc4c58bf714cc940dc054ce51c4975684006bd57ea7b 4932 python-imaging_3.1.2-0ubuntu1.3_all.deb
 cd32482a288c417b37d87331fb1ec23a204a374f143f19abde6f204bcbc2abd1 447008 python-pil-dbg_3.1.2-0ubuntu1.3_amd64.deb
 68bdee8bfe7717edef7526d39fa68d94b3b3bca14e9ec770f605b801308dfc80 13982 python-pil-doc_3.1.2-0ubuntu1.3_all.deb
 b0a106ed4e8682232c4b35b3e3abaefa0128cd86c3d2b092aa3cb4b828562e44 13304 python-pil.imagetk-dbg_3.1.2-0ubuntu1.3_amd64.deb
 4f7dc8d4ac86de94aeae6dc09fcba3a0bc147b396104d775b12c92508e37fe18 7434 python-pil.imagetk_3.1.2-0ubuntu1.3_amd64.deb
 bebca46203deade773c4cb3f5b7fb8a036c2648facd5d09f2836db8f5c9b14b6 313046 python-pil_3.1.2-0ubuntu1.3_amd64.deb
 827c7ddc2dc970bdce75a3525b206c317268cef69cea0c94752b78cd8d1cc098 543376 python3-pil-dbg_3.1.2-0ubuntu1.3_amd64.deb
 d9ea2e4cf69071542674a15426c4820853f4cdec003073b01e911e098c3d776a 13716 python3-pil.imagetk-dbg_3.1.2-0ubuntu1.3_amd64.deb
 7ff3df5838eb04059685bf383f42e3e7d210e0e87ab8bb61dc23395cb34d0ece 7528 python3-pil.imagetk_3.1.2-0ubuntu1.3_amd64.deb
 74b9a60dbed6060311b08a51bcd93b7f4c98d4ad9831f34a4506aaa2e72c2be8 313914 python3-pil_3.1.2-0ubuntu1.3_amd64.deb
Files:
 dcd668984cdb495e7cbf3ff8d897e974 4932 python optional python-imaging_3.1.2-0ubuntu1.3_all.deb
 2727d706435db88a58ce98e1e97ccb08 447008 debug extra python-pil-dbg_3.1.2-0ubuntu1.3_amd64.deb
 e7d3ed7cc71ec306ab1658eae296c35a 13982 doc optional python-pil-doc_3.1.2-0ubuntu1.3_all.deb
 9a2ccaa545c8fc7713ae2bca76fb31a0 13304 debug extra python-pil.imagetk-dbg_3.1.2-0ubuntu1.3_amd64.deb
 e33a14e4aa43cb0882d0b1ec2403f315 7434 python optional python-pil.imagetk_3.1.2-0ubuntu1.3_amd64.deb
 654a21085882cafbc628c58af30ce494 313046 python optional python-pil_3.1.2-0ubuntu1.3_amd64.deb
 f5785adcd410da00fc7ac2429ae5bd30 543376 debug extra python3-pil-dbg_3.1.2-0ubuntu1.3_amd64.deb
 5ff7fd058281b9a141998f5e91b68c41 13716 debug extra python3-pil.imagetk-dbg_3.1.2-0ubuntu1.3_amd64.deb
 74f97feb67de87f3a7ab4a8d900c82d9 7528 python optional python3-pil.imagetk_3.1.2-0ubuntu1.3_amd64.deb
 8615a8bf3036f24cf91d4e1f982169a2 313914 python optional python3-pil_3.1.2-0ubuntu1.3_amd64.deb
Original-Maintainer: Matthias Klose <doko@debian.org>