Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted pillow 8.1.2+dfsg-0.3+deb11u3 (source) into oldoldstable-security
Date: Sun, 01 Feb 2026 03:00:23 +0000
Signed by: Daniel Leidert <dleidert@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Feb 2026 01:54:08 +0100
Source: pillow
Architecture: source
Version: 8.1.2+dfsg-0.3+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Changes:
 pillow (8.1.2+dfsg-0.3+deb11u3) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * d/patches/CVE-2022-45198.patch: Add patch to fix CVE-2022-45198.
     - Mitigate a GIF decompression bomb.
   * d/patches/CVE-2022-24303.patch: Add patch to fix CVE-2022-24303.
     - Fix a possible path traversal allowing attackers to delete files.
   * d/patches/CVE-2021-23437.patch: Add patch to fix CVE-2021-23437.
     - Fix an uncontrolled resource consumption.
Checksums-Sha1:
 52838e0200ff814cd4f49334cc8881278e3436f2 2472 pillow_8.1.2+dfsg-0.3+deb11u3.dsc
 957d022b56eb23dba18eb69225a3acc53ddad92d 37523796 pillow_8.1.2+dfsg.orig.tar.xz
 4974bf9d4cf6b5a846032ee891d15bb17835ff49 28388 pillow_8.1.2+dfsg-0.3+deb11u3.debian.tar.xz
 aa76a60a71798becb1a13c04a4af2a86225a5e7b 14016 pillow_8.1.2+dfsg-0.3+deb11u3_amd64.buildinfo
Checksums-Sha256:
 7ec3913b70e3103206c19fb46ed103dc8a8cac3566080320e7d37cd933c26fac 2472 pillow_8.1.2+dfsg-0.3+deb11u3.dsc
 7fb9b5e9306bfc30990322314cd92b6befd8e6ab9af6ef5bbccca18f938e4e49 37523796 pillow_8.1.2+dfsg.orig.tar.xz
 f40d757723776b52e540a3d0607de03809ad94eab7bb3c3eb0394d698a550f75 28388 pillow_8.1.2+dfsg-0.3+deb11u3.debian.tar.xz
 dfce5bfb4241f748420c5e88fc0134624c6aa90769b0e057b51463f2a19fefb3 14016 pillow_8.1.2+dfsg-0.3+deb11u3_amd64.buildinfo
Files:
 d576aa7476922e79599f2f80445d747c 2472 python optional pillow_8.1.2+dfsg-0.3+deb11u3.dsc
 d59ebd25220f5a7cff9a17232ca3701e 37523796 python optional pillow_8.1.2+dfsg.orig.tar.xz
 c6728a1099c9d36ee2dcf664cf91643b 28388 python optional pillow_8.1.2+dfsg-0.3+deb11u3.debian.tar.xz
 513013ecedda3a5a26e98eff684a0051 14016 python optional pillow_8.1.2+dfsg-0.3+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAml+vacACgkQS80FZ8KW
0F3nFw//Zi0K2aFKlsXGaKBVeKYWrgD7M29x815/3ETvGoH2j/5cCVYIfZfwQ2HJ
TXGDsqLlYGOhLiC3uIUm2het95VVxuZIH5HbCuKJHNmUGjLvgxh+6QJqQs3rTOul
i/gK2ZNOeE2ZAFA3biFQXNa4jTNvL3kOXOgc68sbOXkcffLNDlQa8Dkc5LPjcKCT
9PrsnK3nXVcN0QnHnG2uMgNPlU4rpEhwWxFCjmEZfC6gnbHOqKOyajjan6Dsj9vL
5fz8OOgrRneOzGJbHcxuBkQFT0W9yF8u9PvV34Y44Qs8I7bM0djdlwqN5sQoFEwV
JYteTP7H69R8Qv5EU3JVaadY2XZyHYpEkzVs0chnLxrxX2PqUdvZyTSvKfWkDOpM
x3G+wl9OheIoK6icULnDsZWVdchvFZSR5MbBJBufcctPo2RHoqfcb0T1PRhqOinL
c2W/bav1Ntb61KkrU4Lkl75ksEKIxrYRM+9qwZ0u4uPYPBrMerV4VVhl7vnfwC6g
5LbGGx9UFjqF7FQ6NObAcX008UCeKQO46ac1oS+hlrLKmhpXOSRazKO+IBP4FTad
FPSxbL1WxsGwusdvGlqDSsnx37Q4FPJJdsdM61dHe66HWGrZ3V8czBjGmOqRiYuS
LE10k0pXfO9CGV0dqEWCdcQIfv+ux8cAt3a8k+Uu7Dnp2ZKivXw=
=W8Dr
-----END PGP SIGNATURE-----

News for package pillow