Format: 1.8 Date: Wed, 13 Jan 2021 09:55:14 -0500 Source: pillow Binary: python-pil-doc python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg Architecture: all amd64 Version: 7.0.0-4ubuntu0.2 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: python-pil-doc - Examples for the Python Imaging Library python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) Changes: pillow (7.0.0-4ubuntu0.2) focal-security; urgency=medium . * SECURITY UPDATE: buffer over-read via PCX file - debian/patches/CVE-2020-35653.patch: don't trust the image to specify a buffer size in src/PIL/PcxImagePlugin.py. - CVE-2020-35653 * SECURITY UPDATE: heap overflow via YCbCr files - debian/patches/CVE-2020-35654-1.patch: fix tiff comparison warnings in src/libImaging/TiffDecode.c. - debian/patches/CVE-2020-35654-2.patch: fix OOB write in src/libImaging/TiffDecode.c. - debian/patches/CVE-2020-35654-3.patch: rework ReadTile in src/libImaging/TiffDecode.c. - CVE-2020-35654 * SECURITY UPDATE: buffer over-read via SGI RLE image file - debian/patches/CVE-2020-35655-1.patch: add checks to src/libImaging/SgiRleDecode.c. - debian/patches/CVE-2020-35655-2.patch: rework error flags in src/libImaging/SgiRleDecode.c. - CVE-2020-35655 Checksums-Sha1: d6b9e41421ecd17c033df9c525fb5810d5361246 12989 pillow_7.0.0-4ubuntu0.2_amd64.buildinfo e0d54394355e718e91c25a0868c164bd5d95b1e7 409232 python-pil-doc_7.0.0-4ubuntu0.2_all.deb cdd7ac27b9b12ddc7c7d92d3dbe2cb2d1e4eda55 1275420 python3-pil-dbg_7.0.0-4ubuntu0.2_amd64.deb 3443e8c8db6a03eeec88236994cb6efeda1e4e8b 35796 python3-pil.imagetk-dbg_7.0.0-4ubuntu0.2_amd64.deb 35303489f2904e64c1c1160c884702701a5b75b9 8696 python3-pil.imagetk_7.0.0-4ubuntu0.2_amd64.deb 078b2ed989d7d1f1d3b84fca1713d4116b2de4cd 361848 python3-pil_7.0.0-4ubuntu0.2_amd64.deb Checksums-Sha256: a3bf3877562309f39cad1111b39cdbfba279f13f636880c773bf69db4ddc1541 12989 pillow_7.0.0-4ubuntu0.2_amd64.buildinfo 017bfe79d751c8e39570e176799a268d1450462270dab236e47768f69aed98c6 409232 python-pil-doc_7.0.0-4ubuntu0.2_all.deb e71dc7725378e33e3239dd72234f8717f1380f5dfb83a206beb745aab241d6ad 1275420 python3-pil-dbg_7.0.0-4ubuntu0.2_amd64.deb 6b332d587ea850abbc09311e0508a4760f2c46c712fa9ec43a503a0a277f602e 35796 python3-pil.imagetk-dbg_7.0.0-4ubuntu0.2_amd64.deb 86b34177dbb87288cda1c2e59f96bd767975ce0d083f979aa1f6353b4ad29d3d 8696 python3-pil.imagetk_7.0.0-4ubuntu0.2_amd64.deb 26f36e8ef4936489d752eba54c5fd55c5ff35f0bcceb593583cdbe8cfcd51375 361848 python3-pil_7.0.0-4ubuntu0.2_amd64.deb Files: a82e9fd0072ed25d95695aacec86da01 12989 python optional pillow_7.0.0-4ubuntu0.2_amd64.buildinfo 21bf03f5be125d094b2e4d80c2a6d9ba 409232 doc optional python-pil-doc_7.0.0-4ubuntu0.2_all.deb d29ff08cd354d38e2586cc9b0c0d85ed 1275420 debug optional python3-pil-dbg_7.0.0-4ubuntu0.2_amd64.deb d33a43ec76ad34aa138897e2aa85a9ea 35796 debug optional python3-pil.imagetk-dbg_7.0.0-4ubuntu0.2_amd64.deb f59c003230fd387bb92ff3ffb7aac2b2 8696 python optional python3-pil.imagetk_7.0.0-4ubuntu0.2_amd64.deb 0ab127f21bc5f0c4ef029b85f36d950a 361848 python optional python3-pil_7.0.0-4ubuntu0.2_amd64.deb Original-Maintainer: Matthias Klose