Package "python3-pil.imagetk-dbg"
Name: python3-pil.imagetk-dbg
Description: Python Imaging Library - ImageTk Module (Python3 debug extension)
Latest version: 7.2.0-1ubuntu0.2
Release: groovy (20.10)
Level: updates
Repository: main
Head package: pillow
Homepage: http://python-pillow.github.io/
Changelog
pillow (7.2.0-1ubuntu0.2) groovy-security; urgency=medium
  * SECURITY UPDATE: insufficient fix for CVE-2020-35654
    - debian/patches/CVE-2021-25289.patch: improve return code check in
      src/libImaging/TiffDecode.c.
    - CVE-2021-25289
  * SECURITY UPDATE: negative-offset memcpy with an invalid size
    - debian/patches/CVE-2021-25290.patch: add extra check to
      src/libImaging/TiffDecode.c.
    - CVE-2021-25290
  * SECURITY UPDATE: invalid tile boundaries could lead to an OOB Read
    - debian/patches/CVE-2021-25291.patch: check tile validity in
      src/libImaging/TiffDecode.c.
    - CVE-2021-25291
  * SECURITY UPDATE: DoS via backtrack regex
    - debian/patches/CVE-2021-25292.patch: use more specific regex in
      src/PIL/PdfParser.py.
    - CVE-2021-25292
  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2021-25293.patch: add more checks to
      src/libImaging/SgiRleDecode.c.
    - CVE-2021-25293
  * SECURITY UPDATE: DoS via invalid reported size
    - debian/patches/CVE-2021-2792x.patch: check reported sizes in
      src/PIL/BlpImagePlugin.py, src/PIL/IcnsImagePlugin.py,
      src/PIL/IcoImagePlugin.py.
    - CVE-2021-27921
    - CVE-2021-27922
    - CVE-2021-27923
 -- Marc Deslauriers <email address hidden> Wed, 10 Mar 2021 12:41:13 -0500
CVE-2020-35654
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts wit
CVE-2021-27921
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly
CVE-2021-27922
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly
CVE-2021-27923
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly

pillow (7.2.0-1ubuntu0.1) groovy-security; urgency=medium
  * SECURITY UPDATE: buffer over-read via PCX file
    - debian/patches/CVE-2020-35653.patch: don't trust the image to specify
      a buffer size in src/PIL/PcxImagePlugin.py.
    - CVE-2020-35653
  * SECURITY UPDATE: heap overflow via YCbCr files
    - debian/patches/CVE-2020-35654-1.patch: fix tiff comparison warnings
      in src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-35654-2.patch: fix OOB write in
      src/libImaging/TiffDecode.c.
    - debian/patches/CVE-2020-35654-3.patch: rework ReadTile in
      src/libImaging/TiffDecode.c.
    - CVE-2020-35654
  * SECURITY UPDATE: buffer over-read via SGI RLE image file
    - debian/patches/CVE-2020-35655-1.patch: add checks to
      src/libImaging/SgiRleDecode.c.
    - debian/patches/CVE-2020-35655-2.patch: rework error flags in
      src/libImaging/SgiRleDecode.c.
    - CVE-2020-35655
 -- Marc Deslauriers <email address hidden> Wed, 13 Jan 2021 09:35:02 -0500
CVE-2020-35653
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffe
CVE-2020-35654
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts wit
CVE-2020-35655
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mi