Summary: | graphics/py-pillow: Backport security fixes from 3.1.1. | | |
---|---|---|---|
Product: | Ports & Packages | Reporter: | Raphael Kubo da Costa <rakuco> |
Component: | Individual Port(s) | Assignee: | Kubilay Kocak <koobs> |
Status: | Closed FIXED | | |
Severity: | Affects Many People | CC: | ports-secteam |
Priority: | Normal | Keywords: | patch, security |
Version: | Latest | Flags: | koobs: maintainer-feedback+, koobs: merge-quarterly+ |
Hardware: | Any | | |
OS: | Any | | |
Attachments: | | | |

Description
Raphael Kubo da Costa
ping koobs

Thank you Raphael, if these changes pass QA, I'm happy to approve:

* portlint
* poudriere testport
* make test (unit tests)

A commit references this bug:

Author: koobs
Date: Sat Feb 13 10:51:09 UTC 2016
New revision: 408782
URL: https://svnweb.freebsd.org/changeset/ports/408782

Log:
  graphics/py-pillow: Backport security fixes

  Backport security fixes from 3.1.1 release, resolving the following
  vulnerabilities:

  * CVE-2016-0775: Buffer overflow in FLI decoding code
  * CVE-2016-0740: Buffer overflow in TIFF decoding code
  * Integer overflow in Resample.c [1]
  * Buffer overflow in PCD decoder [2]

  [1] https://github.com/python-pillow/Pillow/issues/1710
  [2] https://github.com/python-pillow/Pillow/issues/568

  PR: 207053
  Submitted by: rakuco
  MFH: 2016Q1
  Security: a8de962a-cf15-11e5-805c-5453ed2e2b49

Changes:
  head/graphics/py-pillow/Makefile
  head/graphics/py-pillow/files/
  head/graphics/py-pillow/files/patch-CVE-2016-0740
  head/graphics/py-pillow/files/patch-CVE-2016-0775
  head/graphics/py-pillow/files/patch-libImaging-PcdDecode.c
  head/graphics/py-pillow/files/patch-libImaging-Resample.c

A commit references this bug:

Author: koobs
Date: Sat Feb 13 10:54:52 UTC 2016
New revision: 408783
URL: https://svnweb.freebsd.org/changeset/ports/408783

Log:
  MFH: r408782

  graphics/py-pillow: Backport security fixes

  Backport security fixes from 3.1.1 release, resolving the following
  vulnerabilities:

  * CVE-2016-0775: Buffer overflow in FLI decoding code
  * CVE-2016-0740: Buffer overflow in TIFF decoding code
  * Integer overflow in Resample.c [1]
  * Buffer overflow in PCD decoder [2]

  [1] https://github.com/python-pillow/Pillow/issues/1710
  [2] https://github.com/python-pillow/Pillow/issues/568

  PR: 207053
  Submitted by: rakuco
  Security: a8de962a-cf15-11e5-805c-5453ed2e2b49
  Approved by: ports-secteam (security)

Changes:
  _U branches/2016Q1/
  branches/2016Q1/graphics/py-pillow/Makefile
  branches/2016Q1/graphics/py-pillow/files/

Committed to HEAD and quarterly branch (2016Q1)

Thank you for taking care of this Raphael