Format: 1.8 Date: Wed, 10 Mar 2021 12:48:44 -0500 Source: pillow Binary: python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg Architecture: s390x Version: 7.0.0-4ubuntu0.3 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) Changes: pillow (7.0.0-4ubuntu0.3) focal-security; urgency=medium . * SECURITY UPDATE: insufficient fix for CVE-2020-35654 - debian/patches/CVE-2021-25289.patch: improve return code check in src/libImaging/TiffDecode.c. - CVE-2021-25289 * SECURITY UPDATE: negative-offset memcpy with an invalid size - debian/patches/CVE-2021-25290.patch: add extra check to src/libImaging/TiffDecode.c. - CVE-2021-25290 * SECURITY UPDATE: invalid tile boundaries could lead to an OOB Read - debian/patches/CVE-2021-25291.patch: check tile validity in src/libImaging/TiffDecode.c. - CVE-2021-25291 * SECURITY UPDATE: DoS via backtrack regex - debian/patches/CVE-2021-25292.patch: use more specific regex in src/PIL/PdfParser.py. - CVE-2021-25292 * SECURITY UPDATE: Out of Bounds Read - debian/patches/CVE-2021-25293.patch: add more checks to src/libImaging/SgiRleDecode.c. - CVE-2021-25293 * SECURITY UPDATE: DoS via invalid reported size - debian/patches/CVE-2021-2792x.patch: check reported sizes in src/PIL/BlpImagePlugin.py, src/PIL/IcnsImagePlugin.py, src/PIL/IcoImagePlugin.py. - CVE-2021-27921 - CVE-2021-27922 - CVE-2021-27923 Checksums-Sha1: 79a5521193994ba857d48ca0a7d8536c4eccbc49 11605 pillow_7.0.0-4ubuntu0.3_s390x.buildinfo 93ac09d4cfebd463e501f286a54f4a58e8e3e01e 1273068 python3-pil-dbg_7.0.0-4ubuntu0.3_s390x.deb 9b12ff8b783a9fd68fa1145888b86c923ccfb147 35724 python3-pil.imagetk-dbg_7.0.0-4ubuntu0.3_s390x.deb 47a32c4280553100dd099e762146cb7696639917 8520 python3-pil.imagetk_7.0.0-4ubuntu0.3_s390x.deb a150634245d042c666e784a8f39d142a8544857b 356980 python3-pil_7.0.0-4ubuntu0.3_s390x.deb Checksums-Sha256: 45b81b45c5404fabd458971ae1ae2e5428931f25466913056e3ce1e168bc7bd0 11605 pillow_7.0.0-4ubuntu0.3_s390x.buildinfo 75d655a3909a9a6514289a6f3d11167d5bc2fed9f32337f3bd945055f460ddb0 1273068 python3-pil-dbg_7.0.0-4ubuntu0.3_s390x.deb 6e5a09037631e25eb819ba6d0fe3be1c6a05707ee9bd5cf25fe7de499c9231b7 35724 python3-pil.imagetk-dbg_7.0.0-4ubuntu0.3_s390x.deb 2686e6e02bea6f097d0096645c485b09a9e35153632ec809ec29b6cf1b8c47b6 8520 python3-pil.imagetk_7.0.0-4ubuntu0.3_s390x.deb 64e5b8781dbc36b204e6fd7c3a917d0ff3856a2f66dbe484528bf054d4bd4757 356980 python3-pil_7.0.0-4ubuntu0.3_s390x.deb Files: a6acafc6541b19f4ce8bd49de3a784a0 11605 python optional pillow_7.0.0-4ubuntu0.3_s390x.buildinfo af485c7dda0693afe782398a779fa715 1273068 debug optional python3-pil-dbg_7.0.0-4ubuntu0.3_s390x.deb 8f7ae9b559cd1935db2d50c39424e93c 35724 debug optional python3-pil.imagetk-dbg_7.0.0-4ubuntu0.3_s390x.deb fedc284177c2477d20ba3a1f3746b374 8520 python optional python3-pil.imagetk_7.0.0-4ubuntu0.3_s390x.deb a681204ca5231c8417ed8acb58d0a7d5 356980 python optional python3-pil_7.0.0-4ubuntu0.3_s390x.deb Original-Maintainer: Matthias Klose