-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 29 Jan 2024 11:10:33 -0800 Source: pillow Architecture: source Version: 5.4.1-2+deb10u4 Distribution: buster-security Urgency: high Maintainer: Matthias Klose <doko@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 1061172 Changes: pillow (5.4.1-2+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2023-50447: Prevent a potential arbitrary code execution vulnerability in the PIL.ImageMath.eval functionality. (Closes: #1061172) * Re-enable running Pillow's own testsuite in debian/rules. Checksums-Sha1: 0966493180b96ec058992bfb85aff8fa125e338c 2846 pillow_5.4.1-2+deb10u4.dsc 480e72c23fe96c4241f87ed64661b5ffa6157718 12248208 pillow_5.4.1.orig.tar.xz 42bde42f2780bc5fb354100ce465a6fe50e8793f 22176 pillow_5.4.1-2+deb10u4.debian.tar.xz b560255dcb0576ab3e17009e90fb05b64b77f158 14361 pillow_5.4.1-2+deb10u4_amd64.buildinfo Checksums-Sha256: a93904ee4aa9d2a5f850391e3d7d11a59576f3dded230fcd5143732c2d612783 2846 pillow_5.4.1-2+deb10u4.dsc db7f301e4bf1eade3321430014b71230492443015929a221163c6b52af68320d 12248208 pillow_5.4.1.orig.tar.xz a1fb2613dde2c16d18d9bfee4070d6df4a69a4678941db869ab3288a110c1624 22176 pillow_5.4.1-2+deb10u4.debian.tar.xz ab05960d785ff06d22d1a797a83a01f2c428fde592ed39e70ccce55a4a63fc16 14361 pillow_5.4.1-2+deb10u4_amd64.buildinfo Files: 44dcf3d7f15bd53dfb721c3edb7821a2 2846 python optional pillow_5.4.1-2+deb10u4.dsc c05bfe9b46c70b5823d9e25fa796ff19 12248208 python optional pillow_5.4.1.orig.tar.xz a8a88b776c825e873411b7aae351f452 22176 python optional pillow_5.4.1-2+deb10u4.debian.tar.xz 889308726bfda45c3f864f99e8b49dcb 14361 python optional pillow_5.4.1-2+deb10u4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmW3+fEACgkQHpU+J9Qx Hlj26A//fe2TUmscPj0wotpM5/CjlvclHirLA0dyuIoe+69zm2mUINEA9AUO/bHt UY/eW43Aa/1fdnGvzkT5c0Dsn6k96T1xx7/Ym7obzUZT1qT2DEJvTPrKMzfXgnGs H5IyqK1k1z36q4jsVQWJGDPTvtgTM3Q+9LdHa927EC3U3hhGruVZoQ7prG4/Ihyq l++kaglIKr2GFzqplUta0SKsSD2Wz1UHbpi4M4K0QbWzHVhwoNJFMeR3LJh7MwoQ qBVB+pXRkbe5rPnQ7CoN1PDd1qcZoBgcN0LS4WssWG7RZQ7xb3CW8xAC1DkbzquG Caf5wQcaOMtUFd5oqvMKs84UZwgoyHsnKF+9nZX6qCMqQJ5ZzTeihMDXpwDUtokl MYAts8ER2YhonUZFBDPAcDufspKQqITMD1ZTR2r3Q4K1QlcPe/altgWJHnCIghAZ cbDT1czPtotZrOuLhcGFrL26lSwZqdg9oncZ0Y6tcqR/9O3qIzBrpdLrK883bXXR 8Qe3Cx/zOOe90WhZJzj1PBkaY8Pxlj4uGQnBg1lOxO/BQ3FRAChEX259FKD6X1Jw 2TWRjxgqsGH56T/3uaAudzoF+uiEVMhtquONyb3Axfh8zg5irmS1OL+E9Axhbrzl t3QQhlaYuXi65QFJOf67raN6FYYSYWSjho91RCCQrRTLlRGORVo= =JQJ3 -----END PGP SIGNATURE-----