UbuntuUpdates.org

Package "python-imaging"

Name: python-imaging

Description: Python Imaging Library

Latest version: 1.1.7-4ubuntu0.12.04.3
Release: precise (12.04)
Level: security
Repository: main

Other versions of "python-imaging" in Precise

Repository  Area  Version
base        main  1.1.7-4
updates     main  1.1.7-4ubuntu0.12.04.3

Changelog

Version: 1.1.7-4ubuntu0.12.04.3 2017-03-13 18:06:52 UTC

  python-imaging (1.1.7-4ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - map.c: add overflow checks.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - libImaging/Storage.c: add size check.
    - CVE-2016-9190
  * SECURITY-UPDATE: potential PNG decompression DOS
    - PIL/PngImagePlugin.py: rename len variables as length and limit size.
    - CVE-2014-9601

 -- Marc Deslauriers <email address hidden> Fri, 10 Mar 2017 08:50:53 -0500

CVE-2016-9189 Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Int
CVE-2016-9190 Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure
CVE-2014-9601 Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is

Version: 1.1.7-4ubuntu0.12.04.2 2016-09-15 14:06:36 UTC

  python-imaging (1.1.7-4ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Fixes for buffer overflows
    - PIL/IcnsImagePlugin.py, libImaging/PcdDecode.c, libImaging/FliDecode.c
    - CVE-2016-0775
    - CVE-2016-2533
    - CVE-2014-3596
    - Kudos to Andrew Drake and Eric Soroos for discovering these issues.

 -- Emily Ratliff <email address hidden> Fri, 09 Sep 2016 14:45:49 -0500

CVE-2016-0775 Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of servic
CVE-2016-2533 Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remo
CVE-2014-3596 The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Nam

Version: 1.1.7-4ubuntu0.12.04.1 2014-04-15 15:06:44 UTC

  python-imaging (1.1.7-4ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: insecure use of temporary files
    - PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
      PIL/JpegImagePlugin.py: use tempfile.mkstemp().
    - https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66
    - CVE-2014-1932
    - CVE-2014-1933

 -- Marc Deslauriers <email address hidden> Mon, 31 Mar 2014 10:25:50 -0400

CVE-2014-1932 insecure use of /tmp
CVE-2014-1933 sensitive filename information on commandline visible


