Format: 1.8
Date: Tue, 07 Jul 2020 13:14:10 -0400
Source: pillow
Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
Architecture: s390x
Version: 7.0.0-4ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: multiple out of bounds reads
     - debian/patches/CVE-2020-10177-1.patch: fix issue in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-2.patch: refactor to macro in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-7.patch: fix comments in src/libImaging/FliDecode.c.
     - debian/patches/CVE-2020-10177-8.patch: additional FLI check in src/libImaging/FliDecode.c.
     - CVE-2020-10177
   * SECURITY UPDATE: out of bounds read with PCX files
     - debian/patches/CVE-2020-10378.patch: fix OOB Access in src/libImaging/PcxDecode.c.
     - CVE-2020-10378
   * SECURITY UPDATE: two buffer overflows
     - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in src/libImaging/TiffDecode.c.
     - debian/patches/CVE-2020-10379-3.patch: fix typos in src/libImaging/TiffDecode.c.
     - CVE-2020-10379
   * SECURITY UPDATE: out-of-bounds read via JP2 file
     - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in src/libImaging/Jpeg2KDecode.c.
     - debian/patches/CVE-2020-10994-2.patch: fix typo in src/libImaging/Jpeg2KDecode.c.
     - CVE-2020-10994
   * SECURITY UPDATE: out-of-bounds read via SGI file
     - debian/patches/CVE-2020-11538.patch: track number of pixels, not the number of runs in src/libImaging/SgiRleDecode.c.
     - CVE-2020-11538
Files:
 11405 python optional pillow_7.0.0-4ubuntu0.1_s390x.buildinfo
 1280704 debug optional python3-pil-dbg_7.0.0-4ubuntu0.1_s390x.deb
 35816 debug optional python3-pil.imagetk-dbg_7.0.0-4ubuntu0.1_s390x.deb
 8520 python optional python3-pil.imagetk_7.0.0-4ubuntu0.1_s390x.deb
 356940 python optional python3-pil_7.0.0-4ubuntu0.1_s390x.deb
Original-Maintainer: Matthias Klose