-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6147-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 20, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : pillow CVE ID : CVE-2026-25990 Yarden Porat discovered that missing input sanitising in the PSD support of Pillow, a Python imaging library, could result in denial of service or the execution of arbitrary code if malformed images are processed. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 11.1.0-5+deb13u1. We recommend that you upgrade your pillow packages. For the detailed security status of pillow please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pillow Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmYso0ACgkQEMKTtsN8 TjacPw//TgVjozrcrjPt3MrfjAkb+dnxgIHrTx6ptSeRQgtQQJJzneFqqmNV1+BR Dnt2DTu6vtVEBF3PqWoRNn4fQU3P0VtvIwTe8iCJH+Hx5wYAka1JrbpiS99FzNlu puN2Tbw07bJoHktYjSfpWeTjFgSUzoywwEv1OKBHlZEm6o+mG3htdqYckzz9sUHw fcavERSS12zGxtlUenP4kayw7vGpl1Zb6ma+T33j9Z1pk7eyYnpPQ2G1kiqnd/Yf 16WQgwO3ihUSnzpOJ6NQ+zH/JiF7gIg3nRphFu7IXPgl2Ww/VjoCCahs3dmxQWms fFRBUGeNpJlhAgV3UuvvCJ7/CeRKlPWyi/HlKVJLeNnieCSt0C/2X/3aEHFtUGhn Q6NT0vfxDT/V9Y3l2+wXD7qdgj9VIesY3r+JzbJ4rBGDwHLooSjKH1b80EG37la7 ki7O9stIIvQ+96Ae6EP8A9kbiyOXRFMcUee1F8Fwqsvw1gdVfWCSpQnDbxQrGJhk C4ZpdpvHrUnveGAnmaQU2gsZ37NbY6mdaeR9LuZOuyV8rWQWvnIdI3HcvqYd7FJn dQTqNvfATKGRRFOZU+SkrskcenloKoYrO9/dZbcWwBPralUqmM41ilOkpVml1yYm BGvZ9zv+GmFhhnDDlc0UBm//voIsRKSeHU/bXN0Nw82m+5ZJu1M= =LgNJ -----END PGP SIGNATURE-----
