Format: 1.8
Date: Mon, 03 Feb 2020 13:04:40 -0300
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc
Architecture: amd64 all
Version: 5.1.0-1ubuntu0.2
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-024.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Changes:
 pillow (5.1.0-1ubuntu0.2) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: Exceed memory amount and delay in process image
     - debian/patches/CVE-2019-16865-*.patch: Corrected negative seeks in
       PIL/PsdImagePlugin.py, Added decompression bomb checks in
       PIL/GifImagePlugin.py and PIL/IcoImagePlugin.py, Catch buffer overruns
       in libImaging/PcxDecode.c, libImaging/FliDecode.c and added some tests
       in Tests/images/*.
     - CVE-2019-16865
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-19911.patch:  Raise an error for an invalid
       number of bands in FPX image in PIL/FpxImagePlugin.py and added some
       testes in Test/images/*.
     - CVE-2019-19911
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5311.patch: catch SGI buffer overruns
       in src/libImaging/SgiRleDecode.c.
     - CVE-2020-5311
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5312.patch: Catch PCX P mode buffer overrun
       in libImaging/PcxDecode.c and added some tests in Test/images/*.
     - CVE-2020-5312
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2020-5313.patch: catch FLI buffer overrun in
       libImaging/FliDecode.c and added some tests in Test/images/*.
     - CVE-2020-5313
Checksums-Sha1:
 f40a11da201d6bfd9c37b71a23fbdacbca066c8e 13567 pillow_5.1.0-1ubuntu0.2_amd64.buildinfo
 79c416d1698f9af97a8e478f80833f4e568a7d61 766164 python-pil-dbg_5.1.0-1ubuntu0.2_amd64.deb
 af90882d3a6f200c29beb77994ab9891d383a3cb 367112 python-pil-doc_5.1.0-1ubuntu0.2_all.deb
 47dcfb402dcfce768610ca7b9acbb3bd811171f5 29812 python-pil.imagetk-dbg_5.1.0-1ubuntu0.2_amd64.deb
 6f9f436a9427b112749e1c1ed2f25af04808cd6f 8480 python-pil.imagetk_5.1.0-1ubuntu0.2_amd64.deb
 a79a235ebbb6c99b33d0e603e608244c41fdc2dc 328724 python-pil_5.1.0-1ubuntu0.2_amd64.deb
 b8035f61c6c85c4f1a6b7c7d569cbd28348f2e9b 953992 python3-pil-dbg_5.1.0-1ubuntu0.2_amd64.deb
 484aed4f7478ee0821428673b281d5f8b5b600e9 36032 python3-pil.imagetk-dbg_5.1.0-1ubuntu0.2_amd64.deb
 a780b714b61323baa0beb4be4f27f107272258f2 8664 python3-pil.imagetk_5.1.0-1ubuntu0.2_amd64.deb
 fdc43f5a21bc9d6dafe71532e56b9a507941761b 329168 python3-pil_5.1.0-1ubuntu0.2_amd64.deb
Checksums-Sha256:
 de1b495474825ddfdfcc21ee0aa008acaf6d052428f2cfa12c77ffbe78d6e009 13567 pillow_5.1.0-1ubuntu0.2_amd64.buildinfo
 69682746247754e87e562129ceb063aae0017653a144888db88df700e6dd7de9 766164 python-pil-dbg_5.1.0-1ubuntu0.2_amd64.deb
 cacfef0cfce3b2d75a2334ab508d38a65e9445af8f45507768dce72eca927d60 367112 python-pil-doc_5.1.0-1ubuntu0.2_all.deb
 5773575bcd8978f6c1c9afa4f84148625a4a3c213dbe5c6f721d2c56658edec7 29812 python-pil.imagetk-dbg_5.1.0-1ubuntu0.2_amd64.deb
 b3955fa7b0eeefe1536287bbfbb6ec612682060c4553f1f3f6cc6c918f984917 8480 python-pil.imagetk_5.1.0-1ubuntu0.2_amd64.deb
 bf263bba25cb26535e6d02581d9c2e3dbb1b1ec15257b91f44d1fe1fc110cbd6 328724 python-pil_5.1.0-1ubuntu0.2_amd64.deb
 b4c9852b5a1987eb9700c5f4731493dd0de2439900fddffd641d10f699f6c77a 953992 python3-pil-dbg_5.1.0-1ubuntu0.2_amd64.deb
 6de47e2d0ed199c0864c23f5db1ffef2b7d2fdd6c77c6187ce7dcd0fc8c3d674 36032 python3-pil.imagetk-dbg_5.1.0-1ubuntu0.2_amd64.deb
 8a798ac67003203101e0ea305ab88ceda111910cdf3e4a6409b957432d07536a 8664 python3-pil.imagetk_5.1.0-1ubuntu0.2_amd64.deb
 7d7c9923ab0ced580bd90db51784be9f40c5ef98a2369fa14c8d1ff6c574a55b 329168 python3-pil_5.1.0-1ubuntu0.2_amd64.deb
Files:
 588d34fa84953efff6ad974c59e21725 13567 python optional pillow_5.1.0-1ubuntu0.2_amd64.buildinfo
 36a50ffee7497ed430e79e63554c82c4 766164 debug optional python-pil-dbg_5.1.0-1ubuntu0.2_amd64.deb
 8d86a299b6e9a250162eb4b5b4ed4f5b 367112 doc optional python-pil-doc_5.1.0-1ubuntu0.2_all.deb
 0bc1566a0872f785f9457f46fd2c8aa4 29812 debug optional python-pil.imagetk-dbg_5.1.0-1ubuntu0.2_amd64.deb
 d7f791b17474ec5c271d00985b49fa83 8480 python optional python-pil.imagetk_5.1.0-1ubuntu0.2_amd64.deb
 a460c4fb917abfb93a49b761f36cacdf 328724 python optional python-pil_5.1.0-1ubuntu0.2_amd64.deb
 4316496d02ca394178b3b9c910f90f18 953992 debug optional python3-pil-dbg_5.1.0-1ubuntu0.2_amd64.deb
 32df559917ceed33bf4f1284e6e7edef 36032 debug optional python3-pil.imagetk-dbg_5.1.0-1ubuntu0.2_amd64.deb
 a84b1cda53adf1835732c13f3d5f047c 8664 python optional python3-pil.imagetk_5.1.0-1ubuntu0.2_amd64.deb
 0f0df88a3b697b192a9e72e8c8fb5793 329168 python optional python3-pil_5.1.0-1ubuntu0.2_amd64.deb
Original-Maintainer: Matthias Klose <doko@debian.org>