Format: 1.8 Date: Wed, 12 Jan 2022 13:21:48 -0500 Source: pillow Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc Architecture: i386 Version: 5.1.0-1ubuntu0.7 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-pil - Python Imaging Library (Pillow fork) python-pil-dbg - Python Imaging Library (debug extension) python-pil-doc - Examples for the Python Imaging Library python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork) python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension) python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) Changes: pillow (5.1.0-1ubuntu0.7) bionic-security; urgency=medium . * SECURITY UPDATE: regular expression DoS - debian/patches/CVE-2021-23437.patch: raise ValueError if color specifier is too long in Tests/test_imagecolor.py, src/PIL/ImageColor.py. - CVE-2021-23437 * SECURITY UPDATE: Dos via buffer overflow - debian/patches/CVE-2021-34552.patch: limit sprintf modes to 10 characters in src/libImaging/Convert.c. - CVE-2021-34552 * SECURITY UPDATE: improper initialization - debian/patches/CVE-2022-22815.patch: initialize coordinates to zero in src/path.c. - CVE-2022-22815 * SECURITY UPDATE: buffer over-read during initialization - debian/patches/CVE-2022-22816.patch: handle case where path count is zero in src/path.c. - CVE-2022-22816 * SECURITY UPDATE: evaluation of arbitrary expressions - debian/patches/CVE-2022-22817.patch: restrict builtins for ImageMath.eval in Tests/test_imagemath.py, src/PIL/ImageMath.py. - CVE-2022-22817 Checksums-Sha1: f2eaa01317035dd10b043e57b5def81c03eb4415 12285 pillow_5.1.0-1ubuntu0.7_i386.buildinfo 420952f3edcd8a154e112460be19d756b10b5e4a 485228 python-pil-dbg_5.1.0-1ubuntu0.7_i386.deb 514f611237fa261a3336e794a208f1fbceaf7b71 25368 python-pil.imagetk-dbg_5.1.0-1ubuntu0.7_i386.deb 1fa96f5e2210cc79e4192af1e23a3607a42ecd75 8372 python-pil.imagetk_5.1.0-1ubuntu0.7_i386.deb 46823425e3935ce6677067c13544d401795eefef 299000 python-pil_5.1.0-1ubuntu0.7_i386.deb 6bc8bbf6ddfcb4b0c17930876d6d2d3d60e2810c 901688 python3-pil-dbg_5.1.0-1ubuntu0.7_i386.deb 019802694ef4939fac47d4f5d3ddb9add9b4fc4e 34464 python3-pil.imagetk-dbg_5.1.0-1ubuntu0.7_i386.deb 9df76d8f7dc0e044945e8895ddbeab63002545c7 8996 python3-pil.imagetk_5.1.0-1ubuntu0.7_i386.deb 0b5e7ecf5d068a7a74b035e7401af323a5e9b595 333444 python3-pil_5.1.0-1ubuntu0.7_i386.deb Checksums-Sha256: 43e6ac5806a7c6c3eed77226f167568651cf121b371603b49d772d4f3b6b2638 12285 pillow_5.1.0-1ubuntu0.7_i386.buildinfo da830f86398469783d2e78d6680044b33f4172f107e4db8049420a3fa2ae519b 485228 python-pil-dbg_5.1.0-1ubuntu0.7_i386.deb 64bcc2657b50942c0f3f3a23961b101110e938a9f6a6240d3276b75c48e1af71 25368 python-pil.imagetk-dbg_5.1.0-1ubuntu0.7_i386.deb 7499202afd5fbd7c6c5b3551e5fc284723a598b1d54d315ffd407552e76e9122 8372 python-pil.imagetk_5.1.0-1ubuntu0.7_i386.deb a9f976465dea7ca9848b9f2bf17c66dd6123c9b88598a336a03e8eaec95bd11a 299000 python-pil_5.1.0-1ubuntu0.7_i386.deb f6c301efa26eb617744afde01e358533ff03d15af98bb65350b5d8af61d442bd 901688 python3-pil-dbg_5.1.0-1ubuntu0.7_i386.deb 1ab7c9dbdce65260705ca82a2d7d6197c4cefc89ec0a3ee53d69beec16145b1a 34464 python3-pil.imagetk-dbg_5.1.0-1ubuntu0.7_i386.deb 2625e5eb4876439af0400656323d85e6c632ef87bef6af5a1edb49cb29b1f91c 8996 python3-pil.imagetk_5.1.0-1ubuntu0.7_i386.deb a06ed9c10d385db0cef1b2d660fbe08e4bac347c6e999b108380e16c79a9efcc 333444 python3-pil_5.1.0-1ubuntu0.7_i386.deb Files: ecb813a601a1b5f9006ecdf2c4e413ad 12285 python optional pillow_5.1.0-1ubuntu0.7_i386.buildinfo bd55618f2e220bbd844d67d2c7dd5984 485228 debug optional python-pil-dbg_5.1.0-1ubuntu0.7_i386.deb 4067e1fc054bd95032a6704ccd2fc1d7 25368 debug optional python-pil.imagetk-dbg_5.1.0-1ubuntu0.7_i386.deb ef033cd3cda26869689546c7d018b69e 8372 python optional python-pil.imagetk_5.1.0-1ubuntu0.7_i386.deb 03cfae2cc4a8437b09b96034cd66d00f 299000 python optional python-pil_5.1.0-1ubuntu0.7_i386.deb 9003fa8c7f4ac23c6a30980f3201024d 901688 debug optional python3-pil-dbg_5.1.0-1ubuntu0.7_i386.deb 5494589df38f2d6ba78f8112ec56e3c0 34464 debug optional python3-pil.imagetk-dbg_5.1.0-1ubuntu0.7_i386.deb 96cd94c95760d99ed066b08fb37c898e 8996 python optional python3-pil.imagetk_5.1.0-1ubuntu0.7_i386.deb f9bfa8edea4449545e8921c101b09fed 333444 python optional python3-pil_5.1.0-1ubuntu0.7_i386.deb Original-Maintainer: Matthias Klose