Debian alert DLA-2317-1 (pillow)
From: Utkarsh Gupta <utkarsh@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2317-1] pillow security update
Date: Sat, 8 Aug 2020 23:33:22 +0530
Message-ID: <e2bbcf9a-0df3-d62a-bf83-060e357a1e7d@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2317-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Utkarsh Gupta
August 08, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pillow
Version        : 4.0.0-4+deb9u2
CVE ID         : CVE-2020-10177

It was noticed that in Pillow before 7.1.0, there are multiple
out-of-bounds reads in libImaging/FliDecode.c.

For Debian 9 stretch, this problem has been fixed in version
4.0.0-4+deb9u2.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
