Debian Package Tracker

general

source: pillow (main)
version: 7.0.0-4
maintainer: Matthias Klose (DMD)
arch: all any
std-ver: 4.5.0
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6.1-2+deb8u3
o-o-sec: 2.6.1-2+deb8u4
oldstable: 4.0.0-4
old-sec: 4.0.0-4+deb9u1
stable: 5.4.1-2
stable-sec: 5.4.1-2+deb10u1
testing: 6.2.1-2
unstable: 7.0.0-4

versioned links

2.6.1-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.1-2+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.0-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.1-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.0.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-pil-doc
python3-pil
python3-pil-dbg
python3-pil.imagetk
python3-pil.imagetk-dbg

action needed

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2020-5310: libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

Please fix it.

Created: 2019-10-18 Last update: 2020-02-21 22:51

5 security issues in bullseye high

There are 5 open security issues in bullseye.

5 important issues:

CVE-2020-5310: libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVE-2020-5311: libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
CVE-2019-19911: There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVE-2020-5312: libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
CVE-2020-5313: libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

Please fix them.

Created: 2020-01-03 Last update: 2020-02-21 22:51

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2020-02-04 Last update: 2020-02-23 08:03

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-02-18 Last update: 2020-02-23 08:01

RM: This package has been requested to be removed. normal

This package has been requested to be removed. This means that, when this request gets processed by an ftp-master, this package will no longer be in unstable, and will automatically be removed from testing too afterwards. If for some reason you want keep this package in unstable, please discuss so in the bug. Please see bug number #935337 for more information.

Created: 2019-08-21 Last update: 2019-08-21 22:01

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2019-16865: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Please fix it.

Created: 2019-10-18 Last update: 2020-02-21 22:51

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2019-16865: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Please fix it.

Created: 2019-10-18 Last update: 2020-02-21 22:51

testing migrations

excuses:
- Migration status for pillow (6.2.1-2 to 7.0.0-4): Will attempt migration (Any information below is purely informational)
- Additional info:
- Updating pillow fixes old bugs: #948224
- Piuparts tested OK - https://piuparts.debian.org/sid/source/p/pillow.html
- Required age reduced by 3 days because of autopkgtest
- 25 days old (needed 2 days)

news

[rss feed]

[2020-02-21] Accepted pillow 4.0.0-4+deb9u1 (source all amd64) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2020-02-21] Accepted pillow 5.4.1-2+deb10u1 (source amd64 all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2020-01-29] Accepted pillow 7.0.0-4 (source) into unstable (Debian FTP Masters) (signed by: Matthias Klose)
[2020-01-12] Accepted pillow 7.0.0-3 (source) into unstable (Matthias Klose)
[2020-01-06] Accepted pillow 2.6.1-2+deb8u4 (source all amd64) into oldoldstable (Chris Lamb)
[2020-01-06] Accepted pillow 7.0.0-2 (source) into unstable (Matthias Klose)
[2020-01-06] Accepted pillow 7.0.0-1 (source) into unstable (Matthias Klose)
[2019-12-30] pillow 6.2.1-2 MIGRATED to testing (Debian testing watch)
[2019-11-04] Accepted pillow 6.2.1-2 (source) into unstable (Matthias Klose)
[2019-10-26] Accepted pillow 6.2.1-1 (source) into unstable (Matthias Klose)
[2019-10-19] pillow 6.2.0-1 MIGRATED to testing (Debian testing watch)
[2019-10-19] pillow 6.2.0-1 MIGRATED to testing (Debian testing watch)
[2019-10-16] Accepted pillow 6.2.0-1 (source) into unstable (Matthias Klose)
[2019-07-10] pillow 6.1.0-1 MIGRATED to testing (Debian testing watch)
[2019-07-07] Accepted pillow 6.1.0-1 (source) into unstable (Matthias Klose)
[2019-04-10] pillow 5.4.1-2 MIGRATED to testing (Debian testing watch)
[2019-04-07] Accepted pillow 5.4.1-2 (source) into unstable (Matthias Klose)
[2019-04-07] Accepted pillow 6.0.0-1 (source) into experimental (Matthias Klose)
[2019-01-20] pillow 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2019-01-18] Accepted pillow 5.4.1-1 (source) into unstable (Matthias Klose)
[2018-10-20] pillow 5.3.0-1 MIGRATED to testing (Debian testing watch)
[2018-10-18] Accepted pillow 5.3.0-1 (source) into unstable (Matthias Klose)
[2018-07-22] pillow 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2018-07-20] Accepted pillow 5.2.0-2 (source) into unstable (Matthias Klose)
[2018-07-11] Accepted pillow 5.2.0-1 (source) into unstable (Matthias Klose)
[2018-04-09] Accepted pillow 5.1.0-1 (source) into unstable (Matthias Klose)
[2018-01-06] Accepted pillow 5.0.0-1 (source) into unstable (Matthias Klose)
[2017-10-31] pillow 4.3.0-2 MIGRATED to testing (Debian testing watch)
[2017-10-26] Accepted pillow 4.3.0-2 (source) into unstable (Matthias Klose)
[2017-10-22] pillow 4.3.0-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 8
RC: 0
I&N: 7
M&W: 1
F&P: 0
patch: 1

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.0.0-4build1
22 bugs