Univention Bugzilla – Bug 53607
pillow: Multiple issues (4.4)
Last modified: 2021-07-28 18:38:01 CEST
New Debian pillow 4.0.0-4+deb9u3 fixes: This update addresses the following issues: * decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653) * negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290) * infinite loop in FliDecode.c can lead to DoS (CVE-2021-28676) * DoS in the open phase via a malicious EPS file (CVE-2021-28677) * buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/pillow_4.0.0-4+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/pillow_4.0.0-4+deb9u3.dsc @@ -1,3 +1,14 @@ +4.0.0-4+deb9u3 [Mon, 19 Jul 2021 13:46:43 +0100] Neil Williams <codehelp@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-34552 - Replace sprintf with snprintf. Backport upstream change + from 8.3. + * CVE-2021-28676 - check that the block advance was + non-zero, potentially leading to an infinite loop on load. + * CVE-2021-25290 - Fix negative size read in TiffDecode.c + * CVE-2020-35653 - Fix read overflow in PCX Decoding + * CVE-2021-28677 - Fix EPS DOS on _open + 4.0.0-4+deb9u2 [Sat, 08 Aug 2020 21:29:46 +0530] Utkarsh Gupta <utkarsh@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-8/#2145602348579952224>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] d2a930813f Bug #53607: pillow 4.0.0-4+deb9u3 doc/errata/staging/pillow.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1014>