CVE-2014-3589

Related Vulnerabilities: CVE-2014-3589   CVE-2014-3598  

Debian Bug report logs - #758772
CVE-2014-3589

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 21 Aug 2014 06:45:01 UTC

Severity: important

Tags: security

Fixed in version pillow/2.5.3-1

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#758772; Package src:pillow. (Thu, 21 Aug 2014 06:45:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Thu, 21 Aug 2014 06:45:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2014-3589
Date: Thu, 21 Aug 2014 08:41:55 +0200
Source: pillow
Severity: important
Tags: security

https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
has been assigned CVE-2014-3589

Cheers,
        Moritz



Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Thu, 21 Aug 2014 07:24:06 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 21 Aug 2014 07:24:06 GMT).


Message #10 received at 758772-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 758772-close@bugs.debian.org
Subject: Bug#758772: fixed in pillow 2.5.3-1
Date: Thu, 21 Aug 2014 07:20:50 +0000
Source: pillow
Source-Version: 2.5.3-1

We believe that the bug you reported is fixed in the latest version of
pillow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 758772@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated pillow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 21 Aug 2014 08:56:15 +0200
Source: pillow
Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python-sane python-sane-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python3-sane python3-sane-dbg python-pil-doc python-imaging
Architecture: source all amd64
Version: 2.5.3-1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 python-imaging - Python Imaging Library compatibility layer
 python-pil - Python Imaging Library (Pillow fork)
 python-pil-dbg - Python Imaging Library (debug extension)
 python-pil-doc - Examples for the Python Imaging Library
 python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork)
 python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension)
 python-sane - Python Imaging Library - SANE interface (Pillow fork)
 python-sane-dbg - Python Imaging Library - SANE interface (debug extension)
 python3-pil - Python Imaging Library (Python3)
 python3-pil-dbg - Python Imaging Library (Python3 debug extension)
 python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3)
 python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension)
 python3-sane - Python Imaging Library - SANE interface (Python3)
 python3-sane-dbg - Python Imaging Library - SANE interface (Python3 debug extension)
Closes: 758772
Changes:
 pillow (2.5.3-1) unstable; urgency=medium
 .
   * Pillow 2.5.3 release.
     - Fix CVE-2014-3589, a DOS in the IcnsImagePlugin. Closes: #758772.
     - Fix CVE-2014-3598, a DOS in the Jpeg2KImagePlugin.
   * Build-Depend on dh-python.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 25 Dec 2014 07:34:42 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:02:59 2019; Machine Name: beach
