Debian-LTS alert DLA-422-1 (python-imaging)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 422-1] python-imaging security update
Date: Sun, 21 Feb 2016 15:05:06 +0100
Message-ID: <56C9C412.5070805@debian.org>

Package        : python-imaging
Version        : 1.1.7-2+deb6u2
CVE ID         : CVE-2016-0775
Debian Bug     : 813909

Two buffer overflows were discovered in python-imaging, a Python
library for loading and manipulating image files, which may lead to
the execution of arbitrary code.

CVE-2016-0775
    Buffer overflow in FliDecode.c

The second buffer overflow was in PcdDecode.c. A CVE identifier has not
been assigned yet.

For Debian 6 "Squeeze", these problems have been fixed in version
1.1.7-2+deb6u2.

We recommend that you upgrade your python-imaging packages.