This package is just an umbrella for a group of other packages;
it has no description.
Description samples from packages in group:
- Examples for the Python Imaging Library
- Python Imaging Library (Python3)
- Python Imaging Library (Python3 debug extension)
- Python Imaging Library - ImageTk Module (Python3)
pillow (7.0.0-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in src/PIL/PcxImagePlugin.py.
  * SECURITY UPDATE: heap overflow via YCbCr files
    - debian/patches/CVE-2020-35654-1.patch: fix tiff comparison warnings
    - debian/patches/CVE-2020-35654-2.patch: fix OOB write in
    - debian/patches/CVE-2020-35654-3.patch: rework ReadTile in
  * SECURITY UPDATE: buffer over-read via SGI RLE image file
    - debian/patches/CVE-2020-35655-1.patch: add checks to
    - debian/patches/CVE-2020-35655-2.patch: rework error flags in

 -- Marc Deslauriers <email address hidden> Wed, 13 Jan 2021 09:55:14 -0500
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffe
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts wit
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mi
pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple out of bounds reads
    - debian/patches/CVE-2020-10177-1.patch: fix issue in
    - debian/patches/CVE-2020-10177-2.patch: refactor to macro in
    - debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
    - debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
    - debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
    - debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
    - debian/patches/CVE-2020-10177-7.patch: fix comments in
    - debian/patches/CVE-2020-10177-8.patch: additional FLI check in
  * SECURITY UPDATE: out of bounds read with PCX files
    - debian/patches/CVE-2020-10378.patch: fix OOB Access in
  * SECURITY UPDATE: two buffer overflows
    - debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
      Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
    - debian/patches/CVE-2020-10379-3.patch: fix typos in
  * SECURITY UPDATE: out-of-bounds read via JP2 file
    - debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
    - debian/patches/CVE-2020-10994-2.patch: fix typo in
  * SECURITY UPDATE: out-of-bounds read via SGI file
    - debian/patches/CVE-2020-11538.patch: track number of pixels, not the
      number of runs in src/libImaging/SgiRleDecode.c.

 -- Marc Deslauriers <email address hidden> Tue, 07 Jul 2020 13:14:10 -0400
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read b
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than