Ubuntu
pillow package

Upgrade to at least 3.1.1 from February 2016

Bug #1542095 reported by Pander on 2016-02-04

260

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	pillow (Ubuntu)	Fix Released	High	Unassigned

Bug Description

PLease, upgrade to at least 3.1.1 from February 2016, see https://github.com/python-pillow/Pillow and https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst

When this package is upgraded, version 3.2.0 might be out with more fixes.

Tags:

CVE References

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-02-04:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pillow (Ubuntu):
status:	New → Confirmed

Alberto Salvia Novella (es20490446e) on 2016-02-09

Changed in pillow (Ubuntu):
importance:	Undecided → Critical

Revision history for this message

Mathew Hodson (mhodson) wrote on 2016-04-13:

This bug was fixed in the package pillow 3.1.1-1

---
pillow (3.1.1-1) unstable; urgency=medium

  * Pillow 3.1.1 release.
    - CVE-2016-0740: Fix buffer overflow in TiffDecode.c. Closes: #813905.
    - CVE-2016-0775: Fix buffer overflow in FliDecode.c. Closes: #813909.

-- Matthias Klose <email address hidden> Wed, 10 Feb 2016 10:40:44 +0100

information type:	Public → Public Security
Changed in pillow (Ubuntu):
importance:	Critical → High
status:	Confirmed → Fix Released
tags:	removed: 16.04 python

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupillow package