pillow: CVE-2016-0775: Buffer overflow in FliDecode.c

Related Vulnerabilities: CVE-2016-0775, CVE-2016-0740, CVE-2016-2533

Debian Bug report logs - #813909

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 6 Feb 2016 15:45:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version pillow/2.2.1-1

Fixed in versions pillow/3.1.1-1, python-imaging/1.1.7-2+deb6u2, python-imaging/1.1.7-4+deb7u2, pillow/2.6.1-2+deb8u1

Done: Markus Koschany <apo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#813909; Package src:pillow. (Sat, 06 Feb 2016 15:45:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Sat, 06 Feb 2016 15:45:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pillow: CVE-2016-0775: Buffer overflow in FliDecode.c
Date: Sat, 06 Feb 2016 16:40:46 +0100
Source: pillow
Version: 2.2.1-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for pillow.

CVE-2016-0775[0]:
Buffer overflow in FliDecode.c

This is fixed in new upstream version 3.1.1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-0775
[1] https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec

Regards,
Salvatore



Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Wed, 10 Feb 2016 10:24:18 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 10:24:18 GMT)


Message #10 received at 813909-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 813909-close@bugs.debian.org
Subject: Bug#813909: fixed in pillow 3.1.1-1
Date: Wed, 10 Feb 2016 10:21:18 +0000
Source: pillow
Source-Version: 3.1.1-1

We believe that the bug you reported is fixed in the latest version of
pillow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated pillow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 10 Feb 2016 10:40:44 +0100
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python-pil-doc python-imaging
Architecture: source all amd64
Version: 3.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 python-imaging - Python Imaging Library compatibility layer
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
Closes: 813905 813909
Changes:
 pillow (3.1.1-1) unstable; urgency=medium
 .
   * Pillow 3.1.1 release.
     - CVE-2016-0740: Fix buffer overflow in TiffDecode.c. Closes: #813905.
     - CVE-2016-0775: Fix buffer overflow in FliDecode.c. Closes: #813909.




Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Sun, 21 Feb 2016 13:51:15 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 21 Feb 2016 13:51:16 GMT)


Message #15 received at 813909-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 813909-close@bugs.debian.org
Subject: Bug#813909: fixed in python-imaging 1.1.7-2+deb6u2
Date: Sun, 21 Feb 2016 13:49:44 +0000
Source: python-imaging
Source-Version: 1.1.7-2+deb6u2

We believe that the bug you reported is fixed in the latest version of
python-imaging, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated python-imaging package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 21 Feb 2016 13:28:45 +0100
Source: python-imaging
Binary: python-imaging python-imaging-dbg python-imaging-tk python-imaging-tk-dbg python-imaging-sane python-imaging-sane-dbg python-imaging-doc
Architecture: source all i386
Version: 1.1.7-2+deb6u2
Distribution: squeeze-lts
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 python-imaging - Python Imaging Library
 python-imaging-dbg - Python Imaging Library (debug extension)
 python-imaging-doc - Examples for the Python Imaging Library
 python-imaging-sane - Python Imaging Library - SANE interface
 python-imaging-sane-dbg - Python Imaging Library - SANE interface (debug extension)
 python-imaging-tk - Python Imaging Library - ImageTk Module
 python-imaging-tk-dbg - Python Imaging Library - ImageTk Module (debug extension)
Closes: 813909
Changes:
 python-imaging (1.1.7-2+deb6u2) squeeze-lts; urgency=high
 .
   * CVE-2016-0775.
     Fix buffer overflow in FliDecode.c (Closes: #813909)
   * Fix buffer overflow in PcdDecode.c. No CVE identifier has been assigned
     yet.




Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#813909; Package src:pillow. (Sun, 21 Feb 2016 15:21:15 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Sun, 21 Feb 2016 15:21:15 GMT)


Message #20 received at 813909@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: "team@security.debian.org" <team@security.debian.org>
Cc: 813909@bugs.debian.org
Subject: Security update for pillow, python-imaging CVE-2016-0775
Date: Sun, 21 Feb 2016 16:16:30 +0100

Hello,

I have prepared two security updates for pillow / python-imaging in
Wheezy and Jessie. Debdiffs are attached. Please let me know if I shall
upload the new revisions.

Regards,

Markus
[pillow.debdiff (text/plain, attachment)]
[python-imaging_wheezy.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#813909; Package src:pillow. (Sun, 21 Feb 2016 15:36:04 GMT)


Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. (Sun, 21 Feb 2016 15:36:04 GMT)


Message #25 received at 813909@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: Markus Koschany <apo@debian.org>, 813909@bugs.debian.org
Subject: Re: Bug#813909: Security update for pillow, python-imaging CVE-2016-0775
Date: Sun, 21 Feb 2016 16:32:15 +0100

On 21.02.2016 16:16, Markus Koschany wrote:
> Hello,
>
> I have prepared two security updates for pillow / python-imaging in
> Wheezy and Jessie. Debdiffs are attached. Please let me know if I shall
> upload the new revisions.

please go ahead.




Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Fri, 04 Mar 2016 23:36:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 04 Mar 2016 23:36:05 GMT)


Message #30 received at 813909-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 813909-close@bugs.debian.org
Subject: Bug#813909: fixed in python-imaging 1.1.7-4+deb7u2
Date: Fri, 04 Mar 2016 23:34:04 +0000
Source: python-imaging
Source-Version: 1.1.7-4+deb7u2

We believe that the bug you reported is fixed in the latest version of
python-imaging, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated python-imaging package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 23 Feb 2016 00:15:07 +0100
Source: python-imaging
Binary: python-imaging python-imaging-dbg python-imaging-tk python-imaging-tk-dbg python-imaging-sane python-imaging-sane-dbg python-imaging-doc
Architecture: source all i386
Version: 1.1.7-4+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 python-imaging - Python Imaging Library
 python-imaging-dbg - Python Imaging Library (debug extension)
 python-imaging-doc - Examples for the Python Imaging Library
 python-imaging-sane - Python Imaging Library - SANE interface
 python-imaging-sane-dbg - Python Imaging Library - SANE interface (debug extension)
 python-imaging-tk - Python Imaging Library - ImageTk Module
 python-imaging-tk-dbg - Python Imaging Library - ImageTk Module (debug extension)
Closes: 813909
Changes:
 python-imaging (1.1.7-4+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2016-0775:
     Fix buffer overflow in FliDecode.c (Closes: #813909)
   * CVE-2016-2533:
     Fix buffer overflow in PcdDecode.c.




Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Sat, 05 Mar 2016 22:36:11 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 05 Mar 2016 22:36:11 GMT)


Message #35 received at 813909-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 813909-close@bugs.debian.org
Subject: Bug#813909: fixed in pillow 2.6.1-2+deb8u1
Date: Sat, 05 Mar 2016 22:34:02 +0000
Source: pillow
Source-Version: 2.6.1-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
pillow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813909@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated pillow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 23 Feb 2016 00:00:01 +0100
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python-imaging-tk python-sane python-sane-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python3-sane python3-sane-dbg python-pil-doc python-imaging
Architecture: source all amd64
Version: 2.6.1-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 python-imaging - Python Imaging Library compatibility layer
 python-imaging-tk - transitional dummy package for smooth upgrades to python-pil.imag
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python-sane - Python Imaging Library - SANE interface (Pillow fork)
 python-sane-dbg - Python Imaging Library - SANE interface (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
 python3-sane - Python Imaging Library - SANE interface (Python3)
 python3-sane-dbg - Python Imaging Library - SANE interface (Python3 debug extension)
Closes: 813909
Changes:
 pillow (2.6.1-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2016-0775:
     Fix buffer overflow in FliDecode.c (Closes: #813909)
   * CVE-2016-2533:
     Fix buffer overflow in PcdDecode.c.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Apr 2016 07:26:51 GMT)

