Format: 1.8
Date: Tue, 07 Jul 2020 13:14:10 -0400
Source: pillow
Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
Architecture: riscv64
Version: 7.0.0-4ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: multiple out of bounds reads
     - debian/patches/CVE-2020-10177-1.patch: fix issue in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
       in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-7.patch: fix comments in
       src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
       src/libImaging/FliDecode.c.
     - CVE-2020-10177
   * SECURITY UPDATE: out of bounds read with PCX files
     - debian/patches/CVE-2020-10378.patch: fix OOB Access in
       src/libImaging/PcxDecode.c.
     - CVE-2020-10378
   * SECURITY UPDATE: two buffer overflows
     - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
       Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
       src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-3.patch: fix typos in
       src/libImaging/TiffDecode.c.
     - CVE-2020-10379
   * SECURITY UPDATE: out-of-bounds read via JP2 file
     - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
       src/libImaging/Jpeg2KDecode.c.
     - debian/patches/CVE-2020-10994-2.patch: fix typo in
       src/libImaging/Jpeg2KDecode.c.
     - CVE-2020-10994
   * SECURITY UPDATE: out-of-bounds read via SGI file
     - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
       number of runs in src/libImaging/SgiRleDecode.c.
     - CVE-2020-11538
Original-Maintainer: Matthias Klose