[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3710-1] pillow security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3710-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 10, 2016                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pillow
CVE ID         : CVE-2016-9189 CVE-2016-9190

Cris Neckar discovered multiple vulnerabilities in Pillow, a Python
imaging library, which may result in the execution of arbitrary code or
information disclosure if a malformed image file is processed.

For the stable distribution (jessie), these problems have been fixed in
version 2.6.1-2+deb8u3.

For the testing distribution (stretch), these problems have been fixed
in version 3.4.2-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.4.2-1.

We recommend that you upgrade your pillow packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYJPAgAAoJEBDCk7bDfE421K8QAIMule3HpGCBoZzgr4q/klhm
2PVJsVojEZmThAoi+3ag2U/+tCVuCQygpCo7GEvffpYKk8a1JNbPAOrVR1DeExzO
dD6H9W3K11rMxn298yESNxqHdME/h3IC7iqeGnL1ZWMi8/YnAofzt+DnoOF+iHLQ
uK238iUSe5cPvL3K46G6vHIQc44bW7vhlLV6xKRw8VgkDD9+kq2rv+gxEqmMUV50
kX0Q/Vul1qUopbr8OhUsKTf8XvYlSx6vajw/Rgfg0BsBb1S4a/JIAfbX0CecpgSm
Be4oHyaN1N41ZYfkZSK9ehRaQOkWEKL90hDTwUgswY9xV2n6vZD3sZZTz5TLi9sz
TB8Segnty6SWjPDZU/ox/GyePujK7OfKf0/SY5FaLuL73D6LpHSAXm15mvX4BMQ2
mxA7LWgits+M6vHA242Un43lBFnprKPvT2cw9Rv01s9wj8NAa1o049fLkNe16Kl7
Zv4wXIFrDMT9wlGPfoG3dILLLoKEiyQZbLbEZMsv+o7n4E+QyFKruaQdLKtdDd9T
kh287vjoEDZgWTEdfV/9rLtqDcLT7mn20wWKf6kKLrNKSenguEiR1LmxL4s9uSSn
dO994c0VO+9B9gjA7lr2PyPQ29EhjhkqSOnHdv57l9G+THWV+gRPtyC1crAH4g8A
WL8qz/c75BNGap0x0Gv7
=N5cx
-----END PGP SIGNATURE-----


Reply to: