Your message dated Sat, 05 Mar 2016 22:34:02 +0000
with message-id <[email protected]>
and subject line Bug#813909: fixed in pillow 2.6.1-2+deb8u1
has caused the Debian Bug report #813909,
regarding pillow: CVE-2016-0775: Buffer overflow in FliDecode.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
813909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pillow
Version: 2.2.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for pillow.
CVE-2016-0775[0]:
Buffer overflow in FliDecode.c
This is fixed in new upstream version 3.1.1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-0775
[1] https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pillow
Source-Version: 2.6.1-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
pillow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated pillow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Feb 2016 00:00:01 +0100
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg
python-imaging-tk python-sane python-sane-dbg python3-pil python3-pil-dbg
python3-pil.imagetk python3-pil.imagetk-dbg python3-sane python3-sane-dbg
python-pil-doc python-imaging
Architecture: source all amd64
Version: 2.6.1-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Matthias Klose <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Description:
python-imaging - Python Imaging Library compatibility layer
python-imaging-tk - transitional dummy package for smooth upgrades to python-pil.imag
python-pil - Python Imaging Library (Pillow fork)
python-pil-dbg - Python Imaging Library (debug extension)
python-pil-doc - Examples for the Python Imaging Library
python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
python-sane - Python Imaging Library - SANE interface (Pillow fork)
python-sane-dbg - Python Imaging Library - SANE interface (debug extension)
python3-pil - Python Imaging Library (Python3)
python3-pil-dbg - Python Imaging Library (Python3 debug extension)
python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
python3-sane - Python Imaging Library - SANE interface (Python3)
python3-sane-dbg - Python Imaging Library - SANE interface (Python3 debug extension)
Closes: 813909
Changes:
pillow (2.6.1-2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload.
* CVE-2016-0775:
Fix buffer overflow in FliDecode.c (Closes: #813909)
* CVE-2016-2533:
Fix buffer overflow in PcdDecode.c.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---