Package "python-imaging"
Name: python-imaging
Description: Python Imaging Library compatibility layer
Latest version: 2.3.0-1ubuntu3.4
Release: trusty (14.04)
Level: updates
Repository: main
Head package: pillow
Changelog
pillow (2.3.0-1ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: information disclosure via crafted image
    - debian/patches/CVE-2016-9189.patch: add overflow checks to map.c.
    - CVE-2016-9189
  * SECURITY UPDATE: code execution via crafted image
    - debian/patches/CVE-2016-9190.patch: add size check to
      libImaging/Storage.c, add test to Tests/images/negative_size.ppm,
      Tests/test_file_ppm.py.
    - CVE-2016-9190
  * SECURITY UPDATE: re-enabled CVE-2014-9601 fix
    - debian/patches/pillow-CVE-2014-9601-pre.patch: rename len variables
      as length in PIL/PngImagePlugin.py.
    - debian/patches/pillow-CVE-2014-9601.patch: updated.
    - debian/patches/revert-CVE-201409601.patch: removed
    - CVE-2014-9601

 -- Marc Deslauriers <email address hidden>  Fri, 10 Mar 2017 08:26:41 -0500

CVE-2016-9189
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Int
CVE-2016-9190
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure
CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is

pillow (2.3.0-1ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: revert fix for CVE-2014-9601 which caused regression
    - debian/patches/revert-CVE-201409601.patch

 -- Emily Ratliff <email address hidden>  Thu, 29 Sep 2016 20:48:05 -0500

CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is

pillow (2.3.0-1ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in ImagingFliDecode()
    - debian/patches/pillow-CVE-2016-0775.patch: correct memcpy location
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0775
  * SECURITY UPDATE: buffer overflow in ImagingLibTiffDecode
    - debian/patches/pillow-CVE-2016-0740.patch: correct type of size to
      match that returned by libtiff
    - Thanks to Eric Soroos for finding and fixing this issue.
    - CVE-2016-0740
  * SECURITY UPDATE: PCD decoder overruns the shuffle buffer
    - debian/patches/pillow-CVE-2016-2533.patch: correct size adjustments
    - CVE-2016-2533
  * SECURITY-UPDATE: Icns DOS fix
    - debian/patches/pillow-CVE-2014-3589.patch: Icns DOS fix
    - Thanks to Andrew Drake for reporting this issue.
    - CVE-2014-3589
  * SECURITY-UPDATE: Fix potential PNG decompression DOS
    - debian/patches/pillow-CVE-2014-9601.patch: Fix PNG decompression DOS
    - CVE-2014-9601

 -- Emily Ratliff <email address hidden>  Mon, 26 Sep 2016 18:03:27 -0500

CVE-2016-0775
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of servic
CVE-2016-0740
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory vi
CVE-2016-2533
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remo
CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of se
CVE-2014-9601
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is