UbuntuUpdates.org

Package "pillow"

Name: pillow

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Python Imaging Library compatibility layer
  • Dummy transitional package
  • Dummy transitional package
  • Dummy transitional package

Latest version: 2.3.0-1ubuntu3.4
Release: trusty (14.04)
Level: updates
Repository: main

Other versions of "pillow" in Trusty

Repository  Area      Version
base        universe  2.3.0-1ubuntu3
base        main      2.3.0-1ubuntu3
security    universe  2.3.0-1ubuntu3.4
security    main      2.3.0-1ubuntu3.4
updates     universe  2.3.0-1ubuntu3.4

Changelog

Version: 2.3.0-1ubuntu3.4 2017-03-13 19:06:51 UTC

  pillow (2.3.0-1ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - debian/patches/CVE-2016-9189.patch: add overflow checks to map.c.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - debian/patches/CVE-2016-9190.patch: add size check to
      libImaging/Storage.c, add test to Tests/images/negative_size.ppm,
      Tests/test_file_ppm.py.
    - CVE-2016-9190
  * SECURITY UPDATE: re-enabled CVE-2014-9601 fix
    - debian/patches/pillow-CVE-2014-9601-pre.patch: rename len variables
      as length in PIL/PngImagePlugin.py.
    - debian/patches/pillow-CVE-2014-9601.patch: updated.
    - debian/patches/revert-CVE-201409601.patch: removed
    - CVE-2014-9601

 -- Marc Deslauriers <email address hidden> Fri, 10 Mar 2017 08:26:41 -0500

CVE-2016-9189 Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Int
CVE-2016-9190 Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure
CVE-2014-9601 Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is

Version: 2.3.0-1ubuntu3.3 2016-09-30 19:06:37 UTC

  pillow (2.3.0-1ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: revert fix for CVE-2014-9601 which caused regression
    - debian/patches/revert-CVE-201409601.patch

 -- Emily Ratliff <email address hidden> Thu, 29 Sep 2016 20:48:05 -0500

CVE-2014-9601 Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is

Version: 2.3.0-1ubuntu3.2 2016-09-27 22:06:37 UTC

  pillow (2.3.0-1ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ImagingFliDecode()
    - debian/patches/pillow-CVE-2016-0775.patch: correct memcpy location
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0775
  * SECURITY UPDATE: buffer overflow in ImagingLibTiffDecode
    - debian/patches/pillow-CVE-2016-0740.patch: correct type of size to
      match that returned by libtiff
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0740
  * SECURITY UPDATE: PCD decoder overruns the shuffle buffer
    - debian/patches/pillow-CVE-2016-2533.patch: correct size adjustments
    - CVE-2016-2533
  * SECURITY-UPDATE: Icns DOS fix
    - debian/patches/pillow-CVE-2014-3589.patch: Icns DOS fix
    - Thanks to Andrew Drake for reporting this issue.
    - CVE-2014-3589
  * SECURITY-UPDATE: Fix potential PNG decompression DOS
    - debian/patches/pillow-CVE-2014-9601.patch: Fix PNG decompression DOS
    - CVE-2014-9601

 -- Emily Ratliff <email address hidden> Mon, 26 Sep 2016 18:03:27 -0500

CVE-2016-0775 Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of servic
CVE-2016-0740 Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory vi
CVE-2016-2533 Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remo
CVE-2014-3589 PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of se
CVE-2014-9601 Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is
