CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2016/03/11 02:17:30
Modified files:
graphics/py-Pillow: Tag: OPENBSD_5_8 Makefile
Added files:
graphics/py-Pillow/patches: Tag: OPENBSD_5_8
patch-libImaging_PcdDecode_c
Log message:
Add upstream patch to py-Pillow, fixing a buffer overflow in PcdDecode.c,
where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel
wide buffer, allowing writing 768 bytes off the end of the buffer. This
overwrites objects in Python's stack, leading to a crash.
https://github.com/python-pillow/Pillow/pull/1706, CVE-2016-2533
