Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted pillow 4.0.0-4+deb9u3 (source) into oldstable
Date: Thu, 22 Jul 2021 09:00:13 +0000
Signed by: Neil Williams <codehelp@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jul 2021 13:46:43 +0100
Source: pillow
Architecture: source
Version: 4.0.0-4+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Neil Williams <codehelp@debian.org>
Changes:
 pillow (4.0.0-4+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2021-34552 - Replace sprintf with snprintf. Backport upstream change
      from 8.3.
   * CVE-2021-28676 - check that the block advance was
   non-zero, potentially leading to an infinite loop on load.
   * CVE-2021-25290 - Fix negative size read in TiffDecode.c
   * CVE-2020-35653 - Fix read overflow in PCX Decoding
   * CVE-2021-28677 - Fix EPS DOS on _open
Checksums-Sha1:
 6660b84b2564fa0f5fca9cff8484d8d1ead5d685 2782 pillow_4.0.0-4+deb9u3.dsc
 e7ea416630bce56b73f391eab6b8e699bb96a5bd 50000 pillow_4.0.0-4+deb9u3.debian.tar.xz
Checksums-Sha256:
 0ecef50f763ff773a41ee10489dc856d5fbf4816e166c76b8f88de0b25a869ef 2782 pillow_4.0.0-4+deb9u3.dsc
 cf1703bff690980c47dcc1dc67af530ed0965abfd471c9e00a2d25fc4de1f3c1 50000 pillow_4.0.0-4+deb9u3.debian.tar.xz
Files:
 f2ab6714687552deb47473e0ddab3fa0 2782 python optional pillow_4.0.0-4+deb9u3.dsc
 91ab876a25bb0842a42d90cce3421ab8 50000 python optional pillow_4.0.0-4+deb9u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEf3HB6ceOc10DYMbM8WfkPIFDtoIFAmD5L+sACgkQ8WfkPIFD
toLQgRAAlCmkbQ98j2KzS8blthOSpu6XW+/fKP4T6xPnogC6SAExfmCwG/UEbG5R
vBjJXL1Tsz/4tCQZ6C+uDF9qzRGWWSNPlH1B6LNTlVoX2h0gEwjTIg/5htJXDDpd
l2mAe3Nxi0d6Ncolj3Xg3NE/7WVmTkBwHIF/exEMzDRJLFVOabH/QksdoZZ+i/+o
iLfLNf3jZ0umMfK1jgYPmP1ILGYoockNdjD8aDcMz9IeOUVt2LZEFEmKrSS/9xB7
iAKCUQLKKSQR7ebwKgmJtB7EFnMVQoD0aQWJGFs6o9XtYx+OfhtK6Xn2kSjlE+Y6
dQUkD7OdMw3ToOLvwYcscqsBtB6yVOMlEhpqxyCF1REInaipa2dFFzkroht/H1Lz
4m5DJL4Z10aIQZuTcsCiriusGhX4kaARys+07pH0Ang4uKVIYuC1PgdUj/JFjIJu
LCd13Atu3x0zsi+MgMu55GcwSJS9BlVwJoF5sNBVKBtq1360mSxSQdaU6z3h/r6G
iY/PdcdBTJAvlysvsSeQNjSqhdaezFNkCh2sAqw3++wxGBBNmGPqaVdfQnB8wcRf
Xa5gImhErotZKaMji+ePfAXYpn4L/LZRR6iF07HR9kpYbt1diIVkZWpvW5FhvQcv
A+dhcJbbgQcJ1JRxTUkqBZQAegbhjVxu+sacyAsjzIajDyA+WCI=
=1B32
-----END PGP SIGNATURE-----

News for package pillow