[ubuntu/xenial-security] pillow 3.1.2-0ubuntu1.6 (Accepted)

Marc Deslauriers Thu, 11 Mar 2021 06:43:25 -0800

pillow (3.1.2-0ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: negative-offset memcpy with an invalid size
    - debian/patches/CVE-2021-25290.patch: add extra check to
      libImaging/TiffDecode.c.
    - CVE-2021-25290
  * SECURITY UPDATE: DoS via invalid reported size
    - debian/patches/CVE-2021-2792x.patch: check reported sizes in
      PIL/IcnsImagePlugin.py, PIL/IcoImagePlugin.py.
    - CVE-2021-27922
    - CVE-2021-27923


Date: 2021-03-11 13:12:12.297436+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/pillow/3.1.2-0ubuntu1.6

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] pillow 3.1.2-0ubuntu1.6 (Accepted)

Reply via email to