Your message dated Wed, 10 Feb 2016 10:21:18 +0000
with message-id <[email protected]>
and subject line Bug#813909: fixed in pillow 3.1.1-1
has caused the Debian Bug report #813909,
regarding pillow: CVE-2016-0775: Buffer overflow in FliDecode.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
813909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pillow
Version: 2.2.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for pillow.
CVE-2016-0775[0]:
Buffer overflow in FliDecode.c
This is fixed in new upstream version 3.1.1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-0775
[1]
https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pillow
Source-Version: 3.1.1-1
We believe that the bug you reported is fixed in the latest version of
pillow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated pillow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 10 Feb 2016 10:40:44 +0100
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg
python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg
python-pil-doc python-imaging
Architecture: source all amd64
Version: 3.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Description:
python-imaging - Python Imaging Library compatibility layer
python-pil - Python Imaging Library (Pillow fork)
python-pil-dbg - Python Imaging Library (debug extension)
python-pil-doc - Examples for the Python Imaging Library
python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug
extension)
python3-pil - Python Imaging Library (Python3)
python3-pil-dbg - Python Imaging Library (Python3 debug extension)
python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3
debug extension)
Closes: 813905 813909
Changes:
pillow (3.1.1-1) unstable; urgency=medium
.
* Pillow 3.1.1 release.
- CVE-2016-0740: Fix buffer overflow in TiffDecode.c. Closes: #813905.
- CVE-2016-0775: Fix buffer overflow in FliDecode.c. Closes: #813909.
Checksums-Sha1:
d9315780863189a34c9582094423aa1721e05af9 2681 pillow_3.1.1-1.dsc
2ddf50ac4388fc829450b2c602868321bb7e49b6 7129916 pillow_3.1.1.orig.tar.xz
2aef9d33f70dcd4b02ce25c28cf7322a10396aa1 14468 pillow_3.1.1-1.debian.tar.xz
39428a40dc42a394093e363e75ea0cb9f00b9fd9 44370 python-imaging_3.1.1-1_all.deb
bf96761ec9750acbbec2544f81ac52093bd6d9f4 446724
python-pil-dbg_3.1.1-1_amd64.deb
c0db8c443e10fb0dd0c6afd82dbb4fcfc2c1570f 53494 python-pil-doc_3.1.1-1_all.deb
ede7d5f1a2f6e033fb33db3d6f91a702c7634287 13244
python-pil.imagetk-dbg_3.1.1-1_amd64.deb
002b7f2fdf5017826452c537b658dadfe82c7db3 48324
python-pil.imagetk_3.1.1-1_amd64.deb
7eafb7dafe15dcf97d7d5e757a44ba5fd981dcb2 353244 python-pil_3.1.1-1_amd64.deb
cd5f854a057bc10a395470f4a129debfab66397f 768634
python3-pil-dbg_3.1.1-1_amd64.deb
781f1231a9f279d317c8d766f4ac8b19a2d06499 18658
python3-pil.imagetk-dbg_3.1.1-1_amd64.deb
648c6d2c06950c94f6dd55ddfc056ea47a682722 48516
python3-pil.imagetk_3.1.1-1_amd64.deb
ad96d3cbbe3118b4541f4bfa0ec9c4265cb35b2d 354372 python3-pil_3.1.1-1_amd64.deb
Checksums-Sha256:
157d04c7c814b3fbc44a111bef8202e7522559c6dc65b69dedc85975874772ab 2681
pillow_3.1.1-1.dsc
a52564806d3e28aae9bbabe0af8d0b78868d48eb5a6990c0221bc0a8f2469d54 7129916
pillow_3.1.1.orig.tar.xz
40cfba4d61b8981b8b75240fe7bd5674465abf791bdf2ce0d89f776ef1450178 14468
pillow_3.1.1-1.debian.tar.xz
6be335a5919a0a2003ce7a52de75884b61e9baab080f3d16b50a61d9d37543ee 44370
python-imaging_3.1.1-1_all.deb
4b3ba6c4c062eaa87747296befbb1ee94e29031be2f83ebb4d475b5374a99b5f 446724
python-pil-dbg_3.1.1-1_amd64.deb
e17a104c6c5925e3ee3876e345078b8bc480bca5b10a51f08ae0e20b39a05b68 53494
python-pil-doc_3.1.1-1_all.deb
f6e9c23fad5f917d61e4955ac3067c073da3a88d226fa3d67cf0a1a89f10afbc 13244
python-pil.imagetk-dbg_3.1.1-1_amd64.deb
c715b937e7b90c48b7c238aa41ae87b0d8228bee6481e0d572865ec4ded36007 48324
python-pil.imagetk_3.1.1-1_amd64.deb
8fec2cd6ce08da604e6cc45bb1d9cced42bf560af02a011d0e5ae28bedc02536 353244
python-pil_3.1.1-1_amd64.deb
a5871356725482d3fbc54f1df4f79924dda96d504e12ddd9448357d51ed1c7ed 768634
python3-pil-dbg_3.1.1-1_amd64.deb
9ac8db5be58f94f88c149553d3042cb970f5dbe9fdd01dbed9e54a8e0378b95a 18658
python3-pil.imagetk-dbg_3.1.1-1_amd64.deb
0cda1556c6f04ca96835fdacee3fe81c628d685718d63d13751a815c47016c1f 48516
python3-pil.imagetk_3.1.1-1_amd64.deb
9223ac8ac72a7d8fa4e9413e97d821d4ce32026fe8f4f5cb7c4853982528fd4d 354372
python3-pil_3.1.1-1_amd64.deb
Files:
1497016fdefc9062f80d1547de6165b3 2681 python optional pillow_3.1.1-1.dsc
51312ede0e827ea9946703c17cb9ad87 7129916 python optional
pillow_3.1.1.orig.tar.xz
bd02c4986d940217fb3f9b4efc40644d 14468 python optional
pillow_3.1.1-1.debian.tar.xz
f0755a772d19561a0a627cad1f230fc7 44370 python optional
python-imaging_3.1.1-1_all.deb
35faa3c59b5e6e996e963d687616ddbd 446724 debug extra
python-pil-dbg_3.1.1-1_amd64.deb
ab69e208d658d22982e88b10428b7d48 53494 doc optional
python-pil-doc_3.1.1-1_all.deb
61c0b4f9e43cdcaa2dd0558dcde456b0 13244 debug extra
python-pil.imagetk-dbg_3.1.1-1_amd64.deb
7d68b03ce8e5c3a14365567999d2e90c 48324 python optional
python-pil.imagetk_3.1.1-1_amd64.deb
01982a325bee904e297b8ca3c6aac759 353244 python optional
python-pil_3.1.1-1_amd64.deb
d4a061c47c7a22855aecf4a830b9b028 768634 debug extra
python3-pil-dbg_3.1.1-1_amd64.deb
ece5126362c911789422d32346980521 18658 debug extra
python3-pil.imagetk-dbg_3.1.1-1_amd64.deb
69a80cb852404ee9e55347123684eb74 48516 python optional
python3-pil.imagetk_3.1.1-1_amd64.deb
048a73c4ce065a51f85dad7a29683a38 354372 python optional
python3-pil_3.1.1-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJWuwg6AAoJEL1+qmB3j6b1rxAQAIFP6Ce4RbUmQNDuL+qfvSFI
GFiQBWPmxBk6f/EowXy5OCKl3MZw/vm0JBwNUxK5VY0wSTzVBUpV7HBQStTt5nhf
MoCbYCheFEdidQOBGDXeXWmNa2EKPYWLZO5J0OKIvERlKaxtnV22OhTsgQR9MO38
Z6ffLtsivPHSY42i4SySRZKVPtq5DqVaojkmehq7lYhU/uUZKDvnF8TT0XcX3uWr
b6P2gphu33M0nsf7Uwx04urb7eDSvrstXFwfEAUYpfjPRTSE+05TM/bRgK2snSwH
RVNyIdz4IcZ/9zXaMpZtunO75eQlHWEWTIBxsle1zwNwAa53ZYe+DDVrn3DKvDOX
hCkVLuJgZ74s7pc8i1yHaArY8h9V+mh7SiVkVmjy0ZgHjmWKvO+2vcyhqcnvo2eD
HOoQH+ZelwxOy72QpCGq3MejlAPhayp7jF6o5KZZ7pvlVWlFskuw2hDVfisPudyl
sIuIN2OqapPxlW8np2itufGnD5pMPIMmloY+iwKuChABiYVkdQCfuXMR6HzELYfK
bAuvtjCAW01ZY5mzk2gjJZfEkhYYyKZq9XTXrY0cp41Jss//zfgJmaNC7MjCdlvt
0S3ChYZmT7XXVmnbDvGTxXMranOjwx7BljTNEmImqnvTvUfGV0qpj8TseY1HlVZN
eegRKFvibifaRr/JUJjG
=6rEF
-----END PGP SIGNATURE-----
--- End Message ---
