Format: 1.8 Date: Tue, 07 Jul 2020 13:43:43 -0400 Source: pillow Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc python-imaging Architecture: all amd64 Version: 3.1.2-0ubuntu1.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-imaging - Python Imaging Library compatibility layer python-pil - Python Imaging Library (Pillow fork) python-pil-dbg - Python Imaging Library (debug extension) python-pil-doc - Examples for the Python Imaging Library python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork) python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension) python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) Changes: pillow (3.1.2-0ubuntu1.4) xenial-security; urgency=medium . * SECURITY UPDATE: multiple out of bounds reads - debian/patches/CVE-2020-10177-1.patch: fix issue in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-2.patch: refactor to macro in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-7.patch: fix comments in src/libImaging/FliDecode.c. - debian/patches/CVE-2020-10177-8.patch: additional FLI check in src/libImaging/FliDecode.c. - CVE-2020-10177 * SECURITY UPDATE: out of bounds read with PCX files - debian/patches/CVE-2020-10378.patch: fix OOB Access in src/libImaging/PcxDecode.c. - CVE-2020-10378 * SECURITY UPDATE: out-of-bounds read via JP2 file - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in src/libImaging/Jpeg2KDecode.c. - debian/patches/CVE-2020-10994-2.patch: fix typo in src/libImaging/Jpeg2KDecode.c. - CVE-2020-10994 Checksums-Sha1: befad57f903521753b4bbd4ecfc51585a644517e 5118 python-imaging_3.1.2-0ubuntu1.4_all.deb d085e2efc29a84fc8f7e5719ea2d8da8db5cae3a 446652 python-pil-dbg_3.1.2-0ubuntu1.4_amd64.deb 12438c157aaef73fa2549d7fd112d64bbbb22914 14210 python-pil-doc_3.1.2-0ubuntu1.4_all.deb 516748dee3a9b9057d0bdd9c10472b5c588d6191 13320 python-pil.imagetk-dbg_3.1.2-0ubuntu1.4_amd64.deb c203ba78550f06dfd5aaef16918e2d3afaefa32d 7442 python-pil.imagetk_3.1.2-0ubuntu1.4_amd64.deb 10abed6efa0b9cbe790f81aa7d409d03b574404b 313954 python-pil_3.1.2-0ubuntu1.4_amd64.deb fe2e6b8143308ea66f92f0659060b1ba86260e4b 542686 python3-pil-dbg_3.1.2-0ubuntu1.4_amd64.deb b43d4970df09d4d9442950fd107330bc490e4b31 13760 python3-pil.imagetk-dbg_3.1.2-0ubuntu1.4_amd64.deb e03f34b32ffd00275d68722de4262f2d11a055cf 7528 python3-pil.imagetk_3.1.2-0ubuntu1.4_amd64.deb c9da121715dd6785aa0f38019052ed55871ce589 314156 python3-pil_3.1.2-0ubuntu1.4_amd64.deb Checksums-Sha256: 8ca9bdfa25f2826d326eda0ca1132a0c005332ae06ede65714ae9a8516ca4c79 5118 python-imaging_3.1.2-0ubuntu1.4_all.deb fd1de2b80cf5dd30720d723e45f897cae7c734028aace28b1b393bd5e646b634 446652 python-pil-dbg_3.1.2-0ubuntu1.4_amd64.deb eed7d7ee5ced73b3c6ed36b8c3505ba4fd8b34c2e8d242857b1fad00e60da205 14210 python-pil-doc_3.1.2-0ubuntu1.4_all.deb eb34c4cd57ee4871611b211c9ad992eb83ef947dc5a771a5bcec5e60265d5d9f 13320 python-pil.imagetk-dbg_3.1.2-0ubuntu1.4_amd64.deb 19fccfb1c5d8d16f46caae32f2d3d6960d5f2dab40c6325a43173b0b92790421 7442 python-pil.imagetk_3.1.2-0ubuntu1.4_amd64.deb 29bc3ff0b54196ae66dd0ec7b0f8a46aeb31bfd543901db44030b1e8ba07e496 313954 python-pil_3.1.2-0ubuntu1.4_amd64.deb 5dfe178040789c8586f64dfc40b4953e03aed97d991098e4e84cdf476562ce4b 542686 python3-pil-dbg_3.1.2-0ubuntu1.4_amd64.deb 84800033cba8e0b3f71a9b0f54864e4b27945767f687a1d6bc9cf50ca853ff38 13760 python3-pil.imagetk-dbg_3.1.2-0ubuntu1.4_amd64.deb 6cd7f1d4c65bf1b335f6cd971fc87c82803f3d20ad04aa6b3683e7d792dc29bd 7528 python3-pil.imagetk_3.1.2-0ubuntu1.4_amd64.deb d7d3d729da87c31597c440b69c3bbdcdd3ba5efd3a19b19a63acd4667d2a1be1 314156 python3-pil_3.1.2-0ubuntu1.4_amd64.deb Files: 79b0ab4f605e8e37cb99afbafa9a2fd0 5118 python optional python-imaging_3.1.2-0ubuntu1.4_all.deb a654278c7b3ab71a4454400255e3ce8d 446652 debug extra python-pil-dbg_3.1.2-0ubuntu1.4_amd64.deb 293cce3a298dab2314567920b6cbfa3d 14210 doc optional python-pil-doc_3.1.2-0ubuntu1.4_all.deb 1486d55698c71c0e5c87d7880c42871b 13320 debug extra python-pil.imagetk-dbg_3.1.2-0ubuntu1.4_amd64.deb 12025a7c5cf3fe74a2ffbb94c14fed71 7442 python optional python-pil.imagetk_3.1.2-0ubuntu1.4_amd64.deb b8293ec139afdd3c282633c200e7359a 313954 python optional python-pil_3.1.2-0ubuntu1.4_amd64.deb 548f2d4e8489adf01924db5cbf01dd8b 542686 debug extra python3-pil-dbg_3.1.2-0ubuntu1.4_amd64.deb c04a7bcf13608d2b9412d5ffd59c9899 13760 debug extra python3-pil.imagetk-dbg_3.1.2-0ubuntu1.4_amd64.deb 1f38698bc7ae4e0fcde97dbcfd402991 7528 python optional python3-pil.imagetk_3.1.2-0ubuntu1.4_amd64.deb d3a062b1ff8b81bae1c58224647066e8 314156 python optional python3-pil_3.1.2-0ubuntu1.4_amd64.deb Original-Maintainer: Matthias Klose