Format: 1.8
Date: Thu, 30 Jan 2020 17:15:56 -0300
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc python-imaging
Architecture: armhf
Version: 3.1.2-0ubuntu1.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-069.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 python-imaging - Python Imaging Library compatibility layer
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (3.1.2-0ubuntu1.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Exceed memory amount and delay in process image
     - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
       PIL/PsdImagePlugin.py, Added decompression bomb checks in
       PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
       in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
       in Tests/images/*.
     - CVE-2019-16865
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-19911.patch:  Raise an error for an invalid
       number of bands in FPX image in PIL/FpxImagePlugin.py.
     - CVE-2019-19911
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
       in libImaging/PcxDecode.c.
     - CVE-2020-5312
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
       libImaging/FliDecode.c.
     - CVE-2020-5313
   * Fix decompression tests that failed
     - debian/patches/Fixing_decompression_test.patch: Tests/test_decompression.py.
Checksums-Sha1:
 2babfa3b78d7aa45d39c9befbffec6210ef75270 429746 python-pil-dbg_3.1.2-0ubuntu1.3_armhf.deb
 9b2de43f0873e42e7f2449c92fb12d0a2ad55ccc 13536 python-pil.imagetk-dbg_3.1.2-0ubuntu1.3_armhf.deb
 8c5e6453c2e3e3dc43606d7d5dad4ee3260f663b 7208 python-pil.imagetk_3.1.2-0ubuntu1.3_armhf.deb
 15b3c55b02704f585e20e05e65578015f19c607d 290100 python-pil_3.1.2-0ubuntu1.3_armhf.deb
 6726a09dcca54fc32e4276fc4abd769115be5a3c 515070 python3-pil-dbg_3.1.2-0ubuntu1.3_armhf.deb
 b21a0e77abd3338001eddf9cacc4e71e8815bb3a 13794 python3-pil.imagetk-dbg_3.1.2-0ubuntu1.3_armhf.deb
 bdae31ef470a99e2c83a81dfa0429a93056dc8ea 7292 python3-pil.imagetk_3.1.2-0ubuntu1.3_armhf.deb
 2755d39798b2f3d970fa87327f875f250bf6ffad 290140 python3-pil_3.1.2-0ubuntu1.3_armhf.deb
Checksums-Sha256:
 9439f78370975b761d3accfa3df0cb2ac126aa73ee630ef83126531087534182 429746 python-pil-dbg_3.1.2-0ubuntu1.3_armhf.deb
 e634664e9cfdcba2aafcfa1f347b9bd96aabe99e0a4b139fbb5090fb1bd2810d 13536 python-pil.imagetk-dbg_3.1.2-0ubuntu1.3_armhf.deb
 7aeebe4609907eab360d015625b42e15c67c86e27b2919ad25d6b1d53679dd7f 7208 python-pil.imagetk_3.1.2-0ubuntu1.3_armhf.deb
 029371987ed23f6f4529674c94df73389973c85ffa2309caa9290cd92db75402 290100 python-pil_3.1.2-0ubuntu1.3_armhf.deb
 7bcf8ea7cf397b45e9057944b535009329f08cb4e0aaae93f5096619c823ecd4 515070 python3-pil-dbg_3.1.2-0ubuntu1.3_armhf.deb
 c19951f8afa5e59739515cdefe52af263b14569af67d4009014a90bd63aba63d 13794 python3-pil.imagetk-dbg_3.1.2-0ubuntu1.3_armhf.deb
 a5106d570161bab4143ea20b9521f8d164645ba940a78c9485e9e52f846ec604 7292 python3-pil.imagetk_3.1.2-0ubuntu1.3_armhf.deb
 2d9d4205feb6b284a20c07b751ac2cf8e4b38d7f377af6ca29db70232cb47c80 290140 python3-pil_3.1.2-0ubuntu1.3_armhf.deb
Files:
 4119d4d939b96b2eefefc1ca0458031f 429746 debug extra python-pil-dbg_3.1.2-0ubuntu1.3_armhf.deb
 e704840e5d730dc680f851b9a19506d4 13536 debug extra python-pil.imagetk-dbg_3.1.2-0ubuntu1.3_armhf.deb
 a62d484c225021d5c40a83af4b7e00a3 7208 python optional python-pil.imagetk_3.1.2-0ubuntu1.3_armhf.deb
 d042d7f70a1f3806cef8d28747fffbbf 290100 python optional python-pil_3.1.2-0ubuntu1.3_armhf.deb
 3a61cad928fd3840846b72953c543da4 515070 debug extra python3-pil-dbg_3.1.2-0ubuntu1.3_armhf.deb
 d922b83ca4879c18498bf70dd4e8a763 13794 debug extra python3-pil.imagetk-dbg_3.1.2-0ubuntu1.3_armhf.deb
 924bf5e28cd40b176e9cb63feba53f65 7292 python optional python3-pil.imagetk_3.1.2-0ubuntu1.3_armhf.deb
 0704c2838c65ecda15d3d0d3757b58cf 290140 python optional python3-pil_3.1.2-0ubuntu1.3_armhf.deb
Original-Maintainer: Matthias Klose <doko@debian.org>