Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted pillow 4.0.0-4+deb9u4 (source) into oldoldstable
Date: Sun, 23 Jan 2022 18:40:34 +0000
Signed by: Emilio Pozuelo Monfort <pochu@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 23 Jan 2022 19:18:54 +0100
Source: pillow
Architecture: source
Version: 4.0.0-4+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Changes:
 pillow (4.0.0-4+deb9u4) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2022-22815: improper buffer initialization.
   * CVE-2022-22816: buffer over-read.
   * CVE-2022-22817: improper sanitization leading to code execution.
   * Make test suite errors fatal.
Checksums-Sha1:
 f1191176b535327540e4b5fc3c25b7f30b6a8d96 2782 pillow_4.0.0-4+deb9u4.dsc
 f4b7d1211b2ca6e09e6d4ea8e91ab64f69dd1326 7854072 pillow_4.0.0.orig.tar.xz
 2658ebf8c57b5964cb6082449bc3a0420e4918ff 51244 pillow_4.0.0-4+deb9u4.debian.tar.xz
 d02f10e9f0e78483e808f6d5e9360390290fb224 6274 pillow_4.0.0-4+deb9u4_source.buildinfo
Checksums-Sha256:
 be2e21618dca230d5ed25667af7813d46b9b3e968a0987d4429667fce9bbdbb5 2782 pillow_4.0.0-4+deb9u4.dsc
 d68b6e6777de6824b3345540038372c451021bd14ac0dd04da2d89ef88c7f870 7854072 pillow_4.0.0.orig.tar.xz
 d30f6c6f2e5785e5b1de8653cb51626e675713453e66b2fbfb713544c361c988 51244 pillow_4.0.0-4+deb9u4.debian.tar.xz
 b33ec208383b1294e034b29bc653cd35baf664c710e219587cfe19713444891a 6274 pillow_4.0.0-4+deb9u4_source.buildinfo
Files:
 768144c25d95aedefe7d51d21ee89e00 2782 python optional pillow_4.0.0-4+deb9u4.dsc
 4052cca60a7445ef1dc6d9d61522606b 7854072 python optional pillow_4.0.0.orig.tar.xz
 96e92b61e4ca86dccff2c061d1e05cab 51244 python optional pillow_4.0.0-4+deb9u4.debian.tar.xz
 031fe80ad6fd737b3f3d1fa54a4e358b 6274 python optional pillow_4.0.0-4+deb9u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmHtoAgACgkQnUbEiOQ2
gwJvNA/9Ehs3DgHLlnB+RNjKz/ZLP4VMVQkBdH2Nfi7QIzauBP9j+wWZ5rXOzt0A
uFBWHipbjvfbouWWW3bVKczQbHxdXrcFo3wprPLJQQFCscz4zJ1fbpyRIRQ8m4jp
vqSaNXMjpmWywZec2xdpLvpDcC++pxpljLni5Y/cv/1Jw+SpAFa1j47Ku979u+ka
pkNJp1t3PU1YvQRZYfIsp56231EQpOrUueknOk9pWVD13H9xLHBo2dxqE5WkY1gw
Cf10S9py+BBdGScZjsiQS7EG1Z0Q+b91seP4uAQF5HQR73dZv8UyDRpBlBzd3asj
ApQ9gRq5l4GgTg8XOYJBbqreFuTCS7h5fKTMwjHz8CkIOlKqsIUBR9nSweZGF9h4
3qUPusUn8LslkPYjgGIjWt80G9DRQ0Bpa79xYavUhxgZg9Bv8xnmNQhxbaavfSTd
lBV2jL6uYRpHdy6h0gm13Mtv+DsWzcHQdx4y8U8F+Cys+53FTajlU7bpni9uE0bw
R/Dc0VfXmsUZD4QSW9eD5b6UMJPq5bBw05E7xzSHdcl5vPfVNMo6tHcHlEiY0qh0
cCWvY0x9242IXR5ub45vIctbju5Y9X6YlS8aXsphM0tNKObBxDKr9tbCgBs8rkYb
VMqeaAbN87RvfREkivT96hvvB5dmDt66bTLqn5InQ8a4xoImBUk=
=e88m
-----END PGP SIGNATURE-----

News for package pillow