Format: 1.8
Date: Thu, 04 Mar 2021 07:13:48 +0100
Source: pillow
Architecture: source
Version: 8.1.1-1
Distribution: unstable
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Changes:
 pillow (8.1.1-1) unstable; urgency=high
 .
   * New upstream version.
     - Use more specific regex chars to prevent ReDoS. CVE-2021-25292.
     - Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291.
     - Fix negative size read in TiffDecode.c. CVE-2021-25290.
     - Fix OOB read in SgiRleDecode.c. CVE-2021-25293.
     - Incorrect error code checking in TiffDecode.c. CVE-2021-25289.