Package "pillow"
Name: |
pillow
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Examples for the Python Imaging Library
- Python Imaging Library (Python3)
- Python Imaging Library (Python3 debug extension)
- Python Imaging Library - ImageTk Module (Python3)
|
Latest version: |
7.0.0-4ubuntu0.2 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "pillow" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
pillow (7.0.0-4ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: buffer over-read via PCX file
- debian/patches/CVE-2020-35653.patch: don't trust the image to specify
a buffer size in src/PIL/PcxImagePlugin.py.
- CVE-2020-35653
* SECURITY UPDATE: heap overflow via YCbCr files
- debian/patches/CVE-2020-35654-1.patch: fix tiff comparison warnings
in src/libImaging/TiffDecode.c.
- debian/patches/CVE-2020-35654-2.patch: fix OOB write in
src/libImaging/TiffDecode.c.
- debian/patches/CVE-2020-35654-3.patch: rework ReadTile in
src/libImaging/TiffDecode.c.
- CVE-2020-35654
* SECURITY UPDATE: buffer over-read via SGI RLE image file
- debian/patches/CVE-2020-35655-1.patch: add checks to
src/libImaging/SgiRleDecode.c.
- debian/patches/CVE-2020-35655-2.patch: rework error flags in
src/libImaging/SgiRleDecode.c.
- CVE-2020-35655
-- Marc Deslauriers <email address hidden> Wed, 13 Jan 2021 09:55:14 -0500
|
Source diff to previous version |
CVE-2020-35653 |
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffe |
CVE-2020-35654 |
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts wit |
CVE-2020-35655 |
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mi |
|
pillow (7.0.0-4ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: multiple out of bounds reads
- debian/patches/CVE-2020-10177-1.patch: fix issue in
src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-2.patch: refactor to macro in
src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-3.patch: fix OOB Reads in SS2 Chunk in
src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-4.patch: fix OOB in LC packet in
src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-5.patch: fix OOB Advance Values in
src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-6.patch: fix OOB Read in FLI Copy Chunk
in src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-7.patch: fix comments in
src/libImaging/FliDecode.c.
- debian/patches/CVE-2020-10177-8.patch: additional FLI check in
src/libImaging/FliDecode.c.
- CVE-2020-10177
* SECURITY UPDATE: out of bounds read with PCX files
- debian/patches/CVE-2020-10378.patch: fix OOB Access in
src/libImaging/PcxDecode.c.
- CVE-2020-10378
* SECURITY UPDATE: two buffer overflows
- debian/patches/CVE-2020-10379-1.patch: ensure that Tiff's concept of
Strip and Tilesize matches Pillow's in src/libImaging/TiffDecode.c.
- debian/patches/CVE-2020-10379-2.patch: avoid uninitialized read in
src/libImaging/TiffDecode.c.
- debian/patches/CVE-2020-10379-3.patch: fix typos in
src/libImaging/TiffDecode.c.
- CVE-2020-10379
* SECURITY UPDATE: out-of-bounds read via JP2 file
- debian/patches/CVE-2020-10994-1.patch: fix for OOB Read in
src/libImaging/Jpeg2KDecode.c.
- debian/patches/CVE-2020-10994-2.patch: fix typo in
src/libImaging/Jpeg2KDecode.c.
- CVE-2020-10994
* SECURITY UPDATE: out-of-bounds read via SGI file
- debian/patches/CVE-2020-11538.patch: track number of pixels, not the
number of runs in src/libImaging/SgiRleDecode.c.
- CVE-2020-11538
-- Marc Deslauriers <email address hidden> Tue, 07 Jul 2020 13:14:10 -0400
|
CVE-2020-10177 |
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. |
CVE-2020-10378 |
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read b |
CVE-2020-10379 |
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. |
CVE-2020-10994 |
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. |
CVE-2020-11538 |
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than |
|
About
-
Send Feedback to @ubuntu_updates