Univention Bugzilla – Bug 34780
python-imaging: Multiples issues (3.2)
Last modified: 2019-04-11 19:25:26 CEST
+++ This bug was initially created as a clone of Bug #34779 +++ Insecure temporary files (CVE-2014-1932, CVE-2014-1933) Shell code injection (CVE-2014-3007)
Denial of service in the icns plugin (CVE-2014-3589)
Denial of service in handling PNG images (CVE-2014-9601)
All of the issues above have been classified as "Minor issue" in Debian.
The issues were classified as minor issues. Removing target milestone.
Two new issues fixed in upstream Debian package version 1.1.7-2+deb6u2: * Execution of arbitrary code due to buffer overflow in FliDecode.c (CVE-2016-0775) * A second buffer overflow was in PcdDecode.c. A CVE identifier has not been assigned yet.
Upstream Debian (Wheezy) package version 1.1.7-4+deb7u3 fixes: * Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. (CVE-2016-9189) * Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. (CVE-2016-9190)
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.2. UCS 3.2 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.