[SECURITY] [DLA 2317-1] pillow security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2317-1] pillow security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sat, 8 Aug 2020 23:33:22 +0530
Message-id: <[🔎] e2bbcf9a-0df3-d62a-bf83-060e357a1e7d@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2317-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 08, 2020                             https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : pillow
Version        : 4.0.0-4+deb9u2
CVE ID         : CVE-2020-10177

It was noticed that in Pillow before 7.1.0, there are multiple
out-of-bounds reads in libImaging/FliDecode.c.

For Debian 9 stretch, this problem has been fixed in version
4.0.0-4+deb9u2.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl8u6OcACgkQgj6WdgbD
S5bBwQ/+PCLae1ky4d/WeF769BoUXsdA9CQcy4ZMCKAoD2DCPDdRlo/uwjG1gfds
3dncVBxoWIvROAWLskjSJSQ73zdNcvzYWadfwGg9RjMuisGmY3QXTBE4473Xl0dp
aBejZ2++NZ5vwAzgsj6meeZQtIVbNcSkduT4fgUPXQAXUh5IYm+UcrU82j8VAbKx
J/z7iftO7OjaJEZegmBD7tBd3DiEtGceHHxzKik4r4gq1ZIPloz68kuI/DXp+XIS
hrEoshJvrJ2NtoUsrpRmWkO/aw0dkPJebeHs+mcXCpCobQ+lWiR7AUOnuzO/kGtO
pvzcfbBNQcTXX9uFPpin4ZVAtQecrzNlxx/WXIRtlowvMoh8y/3LuQOg4xEHIyWv
Ae+CwC/e8MdDVGvY+QTBjzXLrlURFw/USbLDzVCeXyvlXF2yGMvToyUibMZbPcs/
B+oGioE7BF7QSnSIlDQcEHUX9esYEg47GiHWh/SbWaSDOYZgOBlROzyKh4HQeQ/p
y2SVH8tKmBn+sJQdKD70y9iiz2UaMCuiSwwRTXx4Gsvj5wQpoSbiZMxbrRrKt5VX
ckfWReSLqiuWpddIWDzhsZ4AP2Lqv1XRAZj/h2jBb6coZdeKMv9fnpMoRiDrRsss
RTvxOfHh3us6K2KE/dGiBpzYM1rHKXwBoUCR3wVfiWHxVqYNTzA=
=uo3f
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2315-1] gupnp security update
Next by Date: [SECURITY] [DLA 2318-1] wpa security update
Previous by thread: [SECURITY] [DLA 2315-1] gupnp security update
Next by thread: [SECURITY] [DLA 2318-1] wpa security update
Index(es):
- Date
- Thread