Attachment 176880 Details for Bug 214410 – VuXML entry for py-pillow

[patch] VuXML entry for py-pillow

security_vuxml.patch (text/plain), 1.64 KB, created by VK on 2016-11-10 22:39:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: VK

Created: 2016-11-10 22:39:00 UTC

Size: 1.64 KB

patch

obsolete

>Index: security/vuxml/vuln.xml
>===================================================================
>--- security/vuxml/vuln.xml	(revision 425855)
>+++ security/vuxml/vuln.xml	(working copy)
>@@ -58,6 +58,35 @@
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="bc4898d5-a794-11e6-b2d3-60a44ce6887b">
>+ <topic>Pillow -- multiple vulnerabilities</topic>
>+ <affects>
>+ <package>
>+	<name>py-pillow</name>
>+	<range><lt>3.3.2</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	Pillow reports:
>+	<blockquote cite="http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html">
>+	 Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption.
>+	 Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbitrary writes.
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+	<url>http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html</url>
>+	<url>https://github.com/python-pillow/Pillow/issues/2105</url>
>+	<cvename>CVE-2016-9189</cvename>
>+	<cvename>CVE-2016-9190</cvename>
>+ </references>
>+ <dates>
>+ <discovery>2016-09-06</discovery>
>+ <entry>2016-11-10</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="50751310-a763-11e6-a881-b499baebfeaf">
> <topic>openssl -- multiple vulnerabilities</topic>
> <affects>

Actions: View | Diff

Attachments on bug 214410: 176880