pool/python-Pillow
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 877608 from devel:languages:python

Browse Source 
- update to 8.1.2:
  - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins

- Update to 8.1.1
  Security
  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
  
  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
  did not properly check the reported size of the contained image. These images could cause
  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
  and Akshay Ajayan of ASU.edu.
  
  Other Changes
  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed

OBS-URL: https://build.opensuse.org/request/show/877608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=46
This commit is contained in:
Dominique Leuenberger 2021-03-12 12:30:58 +00:00 committed by Git OBS Bridge
commit 82baaadd8b
4 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Pillow-8.1.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba
size 44934336

3
Pillow-8.1.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b07c660e014852d98a00a91adfbe25033898a9d90a8f39beb2437d22a203fc44
size 45218347

25
python-Pillow.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Mon Mar 8 09:01:06 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 8.1.2:
- Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins
-------------------------------------------------------------------
Wed Mar 3 07:41:14 UTC 2021 - Adrian Schröter <adrian@suse.de>
- Update to 8.1.1
Security
* CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
* CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
* CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
* CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
* CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
did not properly check the reported size of the contained image. These images could cause
arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
and Akshay Ajayan of ASU.edu.
Other Changes
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed
-------------------------------------------------------------------
Thu Jan 28 15:07:09 UTC 2021 - Oliver Kurz <okurz@suse.com>

2
python-Pillow.spec
View File

@ -20,7 +20,7 @@
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-Pillow
Version: 8.1.0
Version: 8.1.2
Release: 0
Summary: Python Imaging Library (Fork)
License: HPND