Bug#813909: marked as done (pillow: CVE-2016-0775: Buffer overflow in FliDecode.c)

Sun, 21 Feb 2016 05:52:30 -0800 

Your message dated Sun, 21 Feb 2016 13:49:44 +0000
with message-id <[email protected]>
and subject line Bug#813909: fixed in python-imaging 1.1.7-2+deb6u2
has caused the Debian Bug report #813909,
regarding pillow: CVE-2016-0775: Buffer overflow in FliDecode.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
813909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: pillow
Version: 2.2.1-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for pillow.

CVE-2016-0775[0]:
Buffer overflow in FliDecode.c

This is fixed in new upstream version 3.1.1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-0775
[1] 
https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: python-imaging
Source-Version: 1.1.7-2+deb6u2

We believe that the bug you reported is fixed in the latest version of
python-imaging, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated python-imaging package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 Feb 2016 13:28:45 +0100
Source: python-imaging
Binary: python-imaging python-imaging-dbg python-imaging-tk 
python-imaging-tk-dbg python-imaging-sane python-imaging-sane-dbg 
python-imaging-doc
Architecture: source all i386
Version: 1.1.7-2+deb6u2
Distribution: squeeze-lts
Urgency: high
Maintainer: Matthias Klose <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description: 
 python-imaging - Python Imaging Library
 python-imaging-dbg - Python Imaging Library (debug extension)
 python-imaging-doc - Examples for the Python Imaging Library
 python-imaging-sane - Python Imaging Library - SANE interface
 python-imaging-sane-dbg - Python Imaging Library - SANE interface (debug 
extension)
 python-imaging-tk - Python Imaging Library - ImageTk Module
 python-imaging-tk-dbg - Python Imaging Library - ImageTk Module (debug 
extension)
Closes: 813909
Changes: 
 python-imaging (1.1.7-2+deb6u2) squeeze-lts; urgency=high
 .
   * CVE-2016-0775.
     Fix buffer overflow in FliDecode.c (Closes: #813909)
   * Fix buffer overflow in PcdDecode.c. No CVE identifier has been assigned
     yet.
Checksums-Sha1: 
 4a96ae269a561dd60f20104e8a186cd9e46cd6e5 2125 python-imaging_1.1.7-2+deb6u2.dsc
 68c7045cfb48bebbe9529d65ac4db17c2fb33824 9151 
python-imaging_1.1.7-2+deb6u2.diff.gz
 2162c47087f2b58dc79110162948d415ac5c98f7 70460 
python-imaging-doc_1.1.7-2+deb6u2_all.deb
 f27c965bab64c41d383112c44da55a5c78935359 433332 
python-imaging_1.1.7-2+deb6u2_i386.deb
 1cc3fbaa813e24dbbe90f56fe82f07225dcaa371 1047972 
python-imaging-dbg_1.1.7-2+deb6u2_i386.deb
 f1790929737ec0df8b81d7c26396555fc4b697b2 37314 
python-imaging-tk_1.1.7-2+deb6u2_i386.deb
 2802a34e4b472f9be3ec8df2c89727ec7f465646 21818 
python-imaging-tk-dbg_1.1.7-2+deb6u2_i386.deb
 bab7e6ade834d0510f247c3237ab9e951b5c687b 52340 
python-imaging-sane_1.1.7-2+deb6u2_i386.deb
 ac24ca3f13618e433f04ab9a45e64b1cfa3fc42b 65510 
python-imaging-sane-dbg_1.1.7-2+deb6u2_i386.deb
Checksums-Sha256: 
 aa77531d6be07e25402fd09d396977c4ed4b136c09986023968f510cfb57fdc0 2125 
python-imaging_1.1.7-2+deb6u2.dsc
 f6d4cf26bb6a21b9adbe34969185d35c49ca675c5a0541f54e2def0c0cf3c087 9151 
python-imaging_1.1.7-2+deb6u2.diff.gz
 f44187cae4895f7fd101e75b90e361531d9532f1ab40a158f0ad03a2e0fccec4 70460 
python-imaging-doc_1.1.7-2+deb6u2_all.deb
 4c9f64930b18281a05da65c67a4bb35fc569ce05e9b3bca0f8383d770e5337d5 433332 
python-imaging_1.1.7-2+deb6u2_i386.deb
 93999e8a92e2274d57c4781f91f1ddf4d6c59153cfb103e70a0072bfd3a4a2e8 1047972 
python-imaging-dbg_1.1.7-2+deb6u2_i386.deb
 f283e72c61f718f2ba64a2fbb56d443fa4ca92a3898cff4fad666d20c7a3197b 37314 
python-imaging-tk_1.1.7-2+deb6u2_i386.deb
 47736162a67787404443298a44afb152d3ed2dc5e6c1add4c8b967539ad23286 21818 
python-imaging-tk-dbg_1.1.7-2+deb6u2_i386.deb
 fdc51af88bce71ee44eee3e0917867eb126d4f2a00757354264495e78dd31c2f 52340 
python-imaging-sane_1.1.7-2+deb6u2_i386.deb
 19f20c8fad933ffa778b6d1a156d88d7f2b804290b249d1564d16ff6e3ed8e96 65510 
python-imaging-sane-dbg_1.1.7-2+deb6u2_i386.deb
Files: 
 ec292896d945a9a99bed5f3794f259d1 2125 python optional 
python-imaging_1.1.7-2+deb6u2.dsc
 ee139cbd8953c6870d7cf3dbe793d422 9151 python optional 
python-imaging_1.1.7-2+deb6u2.diff.gz
 c9297512b2d3d4cbead5325e4bc7af2a 70460 doc optional 
python-imaging-doc_1.1.7-2+deb6u2_all.deb
 a68740daf8dbc6d624ada5f52b11d583 433332 python optional 
python-imaging_1.1.7-2+deb6u2_i386.deb
 f95ebedb2fa90fdc2ffbb5d8e9840f60 1047972 debug extra 
python-imaging-dbg_1.1.7-2+deb6u2_i386.deb
 89590f2cd2fcc1f0230678573b3368a3 37314 python optional 
python-imaging-tk_1.1.7-2+deb6u2_i386.deb
 676201b4bf4b945f1a74ed55e24ae8f7 21818 debug extra 
python-imaging-tk-dbg_1.1.7-2+deb6u2_i386.deb
 0b5852a600d93620fd2852a0021bbaba 52340 python optional 
python-imaging-sane_1.1.7-2+deb6u2_i386.deb
 dac61474b851857ed3c73b64f1e8a3de 65510 debug extra 
python-imaging-sane-dbg_1.1.7-2+deb6u2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJWybr0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hkg2cP/3sk9m0PIdK/zfHs4pBF3Xff
/5L+Sra+EblysHclV6Y36Z/gQCbg4osJcVQxPD7o3i90NcTrAJI9Sdir+4EtALTN
FLPxjeFmq3Nzh3Cka4q39soGs/z+84pA1dWpGkyJrp9odDuTkc16aPhPUF3mU6ZN
DtIOl42nSAyFpA7zTYeJS/oWCeHTFAN5pWsw8W8NPm6uQQeXHGQbxqwwBteHMzsA
xfojeFREkhZOIfQQ6z0BkdZwcr1qBqf8FdpHFr6slNRJjS11Vmju0rsbfyD8v0OZ
cMUPYffDQEMnPvFrT51J6HjM94vdkd/yZFOBcKrGT1EZce5lvY9Rr+ol7FyNUuW9
4I0O8Tg76b9Jvfb23fZNhnRzQNFSIQFnIr/q21hJm9++OFy7D25MA3dimZDHtqTF
ZVMe3iD2lBpbPvu6f0Vl++FYkhYSVPYLzJdRSHBL3NZoxCTMhTs1Ndz4/+NVUCQ2
I4wOvhRb4mxBWt4yAt6TUJOoXEsM+RS+6fFW5J1IxdG/XjwJmn3cu5EE8PTXYzVK
DQ2Cjv4TLEolMCv9kWe454F92Y+46aQxV30D0+P3PGJvPj3Tx08lQ7umnyqSI1Ex
Uc3np9fFiwi49Rs07MOgJqvPz4wtgBxBC85krm1XS9lwmdCw5BPyNGPtHKr+O2dr
ofpmji7muJLt0v6KpS5m
=GOgf
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to