pool/python-Pillow
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
115 Commits 1 Branch 0 Tags 49 MiB
RPM Spec 100%
82baaadd8b
Go to file
Dominique Leuenberger 82baaadd8b Accepting request 877608 from devel:languages:python 
- update to 8.1.2:
  - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins

- Update to 8.1.1
  Security
  * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c.
  * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size
  * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile
  * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
  * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0.
  
  There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow
  did not properly check the reported size of the contained image. These images could cause
  arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie,
  and Akshay Ajayan of ASU.edu.
  
  Other Changes
  A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed

OBS-URL: https://build.opensuse.org/request/show/877608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Pillow?expand=0&rev=46
2021-03-12 12:30:58 +00:00
.gitattributes - Initial version 2013-11-07 16:32:23 +00:00
.gitignore - Initial version 2013-11-07 16:32:23 +00:00
Pillow-8.1.2.tar.gz - Fix rpmlint warning about duplicate file definition 2021-03-08 09:00:43 +00:00
python-Pillow.changes - update to 8.1.2: 2021-03-08 09:01:22 +00:00
python-Pillow.spec - Fix rpmlint warning about duplicate file definition 2021-03-08 09:00:43 +00:00