[SECURITY] [DLA 2317-1] pillow security update

Sat, 08 Aug 2020 11:03:53 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2317-1              [email protected]
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 08, 2020                             https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : pillow
Version        : 4.0.0-4+deb9u2
CVE ID         : CVE-2020-10177

It was noticed that in Pillow before 7.1.0, there are multiple
out-of-bounds reads in libImaging/FliDecode.c.

For Debian 9 stretch, this problem has been fixed in version
4.0.0-4+deb9u2.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl8u6OcACgkQgj6WdgbD
S5bBwQ/+PCLae1ky4d/WeF769BoUXsdA9CQcy4ZMCKAoD2DCPDdRlo/uwjG1gfds
3dncVBxoWIvROAWLskjSJSQ73zdNcvzYWadfwGg9RjMuisGmY3QXTBE4473Xl0dp
aBejZ2++NZ5vwAzgsj6meeZQtIVbNcSkduT4fgUPXQAXUh5IYm+UcrU82j8VAbKx
J/z7iftO7OjaJEZegmBD7tBd3DiEtGceHHxzKik4r4gq1ZIPloz68kuI/DXp+XIS
hrEoshJvrJ2NtoUsrpRmWkO/aw0dkPJebeHs+mcXCpCobQ+lWiR7AUOnuzO/kGtO
pvzcfbBNQcTXX9uFPpin4ZVAtQecrzNlxx/WXIRtlowvMoh8y/3LuQOg4xEHIyWv
Ae+CwC/e8MdDVGvY+QTBjzXLrlURFw/USbLDzVCeXyvlXF2yGMvToyUibMZbPcs/
B+oGioE7BF7QSnSIlDQcEHUX9esYEg47GiHWh/SbWaSDOYZgOBlROzyKh4HQeQ/p
y2SVH8tKmBn+sJQdKD70y9iiz2UaMCuiSwwRTXx4Gsvj5wQpoSbiZMxbrRrKt5VX
ckfWReSLqiuWpddIWDzhsZ4AP2Lqv1XRAZj/h2jBb6coZdeKMv9fnpMoRiDrRsss
RTvxOfHh3us6K2KE/dGiBpzYM1rHKXwBoUCR3wVfiWHxVqYNTzA=
=uo3f
-----END PGP SIGNATURE-----

Reply via email to