Format: 1.8
Date: Tue, 07 Jul 2020 13:14:10 -0400
Source: pillow
Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
Architecture: armhf
Version: 7.0.0-4ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: multiple out of bounds reads
     - debian/patches/CVE-2020-10177-1.patch: fix issue in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-2.patch: refactor to macro in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-7.patch: fix comments in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-8.patch: additional FLI check in src/libImaging/FliDecode.c.
     - CVE-2020-10177
   * SECURITY UPDATE: out of bounds read with PCX files
     - debian/patches/CVE-2020-10378.patch: fix OOB Access in src/libImaging/PcxDecode.c.
     - CVE-2020-10378
   * SECURITY UPDATE: two buffer overflows
     - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-3.patch: fix typos in src/libImaging/TiffDecode.c.
     - CVE-2020-10379
   * SECURITY UPDATE: out-of-bounds read via JP2 file
     - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in src/libImaging/Jpeg2KDecode.c.
     - debian/patches/CVE-2020-10994-2.patch: fix typo in src/libImaging/Jpeg2KDecode.c.
     - CVE-2020-10994
   * SECURITY UPDATE: out-of-bounds read via SGI file
     - debian/patches/CVE-2020-11538.patch: track number of pixels, not the number of runs in src/libImaging/SgiRleDecode.c.
     - CVE-2020-11538
Original-Maintainer: Matthias Klose