Bug#813909: marked as done (pillow: CVE-2016-0775: Buffer overflow in FliDecode.c)

Fri, 04 Mar 2016 15:37:18 -0800 

Your message dated Fri, 04 Mar 2016 23:34:04 +0000
with message-id <[email protected]>
and subject line Bug#813909: fixed in python-imaging 1.1.7-4+deb7u2
has caused the Debian Bug report #813909,
regarding pillow: CVE-2016-0775: Buffer overflow in FliDecode.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
813909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: pillow
Version: 2.2.1-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for pillow.

CVE-2016-0775[0]:
Buffer overflow in FliDecode.c

This is fixed in new upstream version 3.1.1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-0775
[1] 
https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: python-imaging
Source-Version: 1.1.7-4+deb7u2

We believe that the bug you reported is fixed in the latest version of
python-imaging, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated python-imaging package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Feb 2016 00:15:07 +0100
Source: python-imaging
Binary: python-imaging python-imaging-dbg python-imaging-tk 
python-imaging-tk-dbg python-imaging-sane python-imaging-sane-dbg 
python-imaging-doc
Architecture: source all i386
Version: 1.1.7-4+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Matthias Klose <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description: 
 python-imaging - Python Imaging Library
 python-imaging-dbg - Python Imaging Library (debug extension)
 python-imaging-doc - Examples for the Python Imaging Library
 python-imaging-sane - Python Imaging Library - SANE interface
 python-imaging-sane-dbg - Python Imaging Library - SANE interface (debug 
extension)
 python-imaging-tk - Python Imaging Library - ImageTk Module
 python-imaging-tk-dbg - Python Imaging Library - ImageTk Module (debug 
extension)
Closes: 813909
Changes: 
 python-imaging (1.1.7-4+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2016-0775:
     Fix buffer overflow in FliDecode.c (Closes: #813909)
   * CVE-2016-2533:
     Fix buffer overflow in PcdDecode.c.
Checksums-Sha1: 
 47392ebc9f57340137e0e1eec3e7b446967791fa 2412 python-imaging_1.1.7-4+deb7u2.dsc
 b2e2587562f263e19f7502cee8f480000f037cd9 9759 
python-imaging_1.1.7-4+deb7u2.diff.gz
 a3356b1e7dd5e8f7329781b2ad93ad8cc2fa28f3 70702 
python-imaging-doc_1.1.7-4+deb7u2_all.deb
 b965df6945b5ed4c45c68d680a7a76a64ec1ad10 459080 
python-imaging_1.1.7-4+deb7u2_i386.deb
 ee6d992f55738ede7400bc7c4fd5b30cef9ac2e4 1065162 
python-imaging-dbg_1.1.7-4+deb7u2_i386.deb
 200de4dc251601989c9522b301d4bfa616479349 38146 
python-imaging-tk_1.1.7-4+deb7u2_i386.deb
 b41b40eab5bcfa5ed8acfd80bd87db77ee622262 25318 
python-imaging-tk-dbg_1.1.7-4+deb7u2_i386.deb
 e2d1cbb57ef001bb8300a7c09fe5e885b68a0353 52524 
python-imaging-sane_1.1.7-4+deb7u2_i386.deb
 543c8ac5307dfe4f5dbf63385194b8378374426d 74740 
python-imaging-sane-dbg_1.1.7-4+deb7u2_i386.deb
Checksums-Sha256: 
 3c23c9d1648beb705ee1ae97233d25f1c227ebca540933d06bf0daffa4de9a61 2412 
python-imaging_1.1.7-4+deb7u2.dsc
 578df0abb49c5fff0bb5ab35b179b6581940f03018b83929c7767ef7d87af672 9759 
python-imaging_1.1.7-4+deb7u2.diff.gz
 e5eba7be7d29892f47ede5cb37d4f0033e9de56193c92dbb4df15a2d4cecb621 70702 
python-imaging-doc_1.1.7-4+deb7u2_all.deb
 ce5dab8220141309ea88ec4a3cb5c03277cd723e0743b48b13268ef61744c2c4 459080 
python-imaging_1.1.7-4+deb7u2_i386.deb
 5a2cc3832b80615c1f45059e5054f461f4a823695fcddc4f89d6382ab476f870 1065162 
python-imaging-dbg_1.1.7-4+deb7u2_i386.deb
 b05370618350f2abbea5289e2a89cf07e47442da351db1aaff2cfa548303da38 38146 
python-imaging-tk_1.1.7-4+deb7u2_i386.deb
 1b8c833a069a043aaec510572388ad34c32fe393c1dc4aba564a8c4d82ba48d4 25318 
python-imaging-tk-dbg_1.1.7-4+deb7u2_i386.deb
 69069bf0fb77553ea06f67edc0f33a62ad96508c417c8f29662dda1dc8c266d0 52524 
python-imaging-sane_1.1.7-4+deb7u2_i386.deb
 418240b96a170054aeafcbd1d7c73a51492cf4649f3a299ea5790732e72210fd 74740 
python-imaging-sane-dbg_1.1.7-4+deb7u2_i386.deb
Files: 
 7576c2ac397b67dde0349f9d2e33cfa2 2412 python optional 
python-imaging_1.1.7-4+deb7u2.dsc
 53297683767065721bd06d47e04d2c45 9759 python optional 
python-imaging_1.1.7-4+deb7u2.diff.gz
 4e46d0d6784584411e8008c97f3d8b0e 70702 doc optional 
python-imaging-doc_1.1.7-4+deb7u2_all.deb
 9661f5a13c269734d95c0d071c8746c1 459080 python optional 
python-imaging_1.1.7-4+deb7u2_i386.deb
 e353a444c0771b9e5717b16dbee2e36b 1065162 debug extra 
python-imaging-dbg_1.1.7-4+deb7u2_i386.deb
 d6d73a51de07bc7dbf3a601a925176c0 38146 python optional 
python-imaging-tk_1.1.7-4+deb7u2_i386.deb
 17ebeca193bdb2186ce0ac8c6dbf4f32 25318 debug extra 
python-imaging-tk-dbg_1.1.7-4+deb7u2_i386.deb
 b738eb2ba1956758a40a9ebabe20b703 52524 python optional 
python-imaging-sane_1.1.7-4+deb7u2_i386.deb
 003809e1c90ecddb775e902ad5776662 74740 debug extra 
python-imaging-sane-dbg_1.1.7-4+deb7u2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJWy5jhXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hkw2MP/jQXXo8OusEiL2E0k3QM5Gi2
cYDCgmRRG4haDRaUK+GfcxPz2lVr9cEAcRoBu0QfolxMqPc+WokUeAEz8Y3L9Ezo
+pbx2ON5CPRG+H2RRctEkCZBf2KiZgUjkvX3klUj2dd9lij5QoUthuOICRc/RKpL
6Sqh5pIPynJBU02wBxbdfU6bAvlLG6s+wvm4QwMU9TGuAUmztMYyyyiidio6hBin
Y1RmcL9AMV/gsbD+PDzBagc85fpoBMIXvj+LqGc/y1yQJJINpj/4jkNctDkYtdjk
5UDU4yjJBF0vgyitZCtlZVyO1aBBJM4ZTRfrgtCWRsb+U5BDdoFODPAdPHhuHvQz
8D49XYaPfoffSr8z4svJOqtIOCPw1KHI8nZ3zDsiZKHYCuN5TQnc8N7Xptmt42v9
bCo3IDNHl7LPuAG9KmFuBfuia2SyoxvOPWjVIHsLU65M8eUw0RZMogDYOJODpmjP
J3Xy+fjJa4O9t8COqllws8HQK9c16mWrDccVhvMeTeBID++K/0DwQwyznYarbDRY
kkQnO8WN7isJszPv+WvT6UG7hY8iBKZblYq4ti0IzJoS9+ejd8PEo/hWxWGvZ88N
Xt67kMMLThXoeHeVk7C38LtE3TDYgOjTjqa+Td8AC809wcCCjLd21fgBuhpxr6vG
bBADmOtOR5Z7jTgfrTa1
=cemt
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to