Debian Package Tracker

pillow

general
  • source: pillow (main)
  • version: 8.1.2-1
  • maintainer: Matthias Klose (DMD)
  • arch: all any
  • std-ver: 4.5.1
  • VCS: unknown
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 4.0.0-4+deb9u1
  • old-sec: 4.0.0-4+deb9u2
  • stable: 5.4.1-2+deb10u2
  • stable-sec: 5.4.1-2+deb10u1
  • testing: 8.1.2-1
  • unstable: 8.1.2-1
versioned links
  • 4.0.0-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 4.0.0-4+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.4.1-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.4.1-2+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-pil-doc
  • python3-pil
  • python3-pil-dbg
  • python3-pil.imagetk
  • python3-pil.imagetk-dbg
action needed
A new upstream version is available: 8.2.0 [high]
A new upstream version 8.2.0 is available, you should consider packaging it.
Created: 2021-04-02 Last update: 2021-04-12 04:32
1 bug tagged patch in the BTS [normal]
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2020-10-19 Last update: 2021-04-12 04:02
lintian reports 18 warnings [normal]
Lintian reports 18 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2021-01-27 Last update: 2021-01-27 03:04
9 low-priority security issues in buster [low]

There are 9 open security issues in buster.

6 issues left for the package maintainer to handle:
  • CVE-2020-35653: (needs triaging) In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
  • CVE-2020-35655: (needs triaging) In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
  • CVE-2021-25290: (needs triaging) An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
  • CVE-2021-25291: (needs triaging) An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
  • CVE-2021-25292: (needs triaging) An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
  • CVE-2021-25293: (needs triaging) An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

You can find information about how to handle these issues in the security team's documentation.

3 ignored issues:
  • CVE-2021-27921: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
  • CVE-2021-27922: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
  • CVE-2021-27923: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Created: 2021-02-19 Last update: 2021-04-05 06:04
news
[rss feed]
  • [2021-03-14] pillow 8.1.2-1 MIGRATED to testing (Debian testing watch)
  • [2021-03-09] Accepted pillow 8.1.2-1 (source) into unstable (Matthias Klose)
  • [2021-03-09] pillow 8.1.1-1 MIGRATED to testing (Debian testing watch)
  • [2021-03-04] Accepted pillow 8.1.1-1 (source) into unstable (Matthias Klose)
  • [2021-01-11] pillow 8.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-06] Accepted pillow 8.1.0-1 (source) into unstable (Matthias Klose)
  • [2020-11-01] pillow 8.0.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-29] Accepted pillow 8.0.1-1 (source) into unstable (Matthias Klose)
  • [2020-10-19] Accepted pillow 8.0.0-1 (source) into experimental (Matthias Klose)
  • [2020-08-08] Accepted pillow 4.0.0-4+deb9u2 (source all amd64) into oldstable (Utkarsh Gupta)
  • [2020-07-25] Accepted pillow 5.4.1-2+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2020-07-18] pillow 7.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-16] Accepted pillow 7.2.0-1 (source) into unstable (Matthias Klose)
  • [2020-04-24] pillow 7.0.0-4 MIGRATED to testing (Debian testing watch)
  • [2020-02-25] Accepted pillow 4.0.0-4+deb9u1 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Mühlenhoff)
  • [2020-02-25] Accepted pillow 5.4.1-2+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
  • [2020-02-21] Accepted pillow 4.0.0-4+deb9u1 (source all amd64) into oldstable->embargoed, oldstable (Moritz Mühlenhoff)
  • [2020-02-21] Accepted pillow 5.4.1-2+deb10u1 (source amd64 all) into stable->embargoed, stable (Moritz Mühlenhoff)
  • [2020-01-29] Accepted pillow 7.0.0-4 (source) into unstable (Matthias Klose)
  • [2020-01-12] Accepted pillow 7.0.0-3 (source) into unstable (Matthias Klose)
  • [2020-01-06] Accepted pillow 2.6.1-2+deb8u4 (source all amd64) into oldoldstable (Chris Lamb)
  • [2020-01-06] Accepted pillow 7.0.0-2 (source) into unstable (Matthias Klose)
  • [2020-01-06] Accepted pillow 7.0.0-1 (source) into unstable (Matthias Klose)
  • [2019-12-30] pillow 6.2.1-2 MIGRATED to testing (Debian testing watch)
  • [2019-11-04] Accepted pillow 6.2.1-2 (source) into unstable (Matthias Klose)
  • [2019-10-26] Accepted pillow 6.2.1-1 (source) into unstable (Matthias Klose)
  • [2019-10-19] pillow 6.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-10-16] Accepted pillow 6.2.0-1 (source) into unstable (Matthias Klose)
  • [2019-07-10] pillow 6.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-07-07] Accepted pillow 6.1.0-1 (source) into unstable (Matthias Klose)
bugs [bug history graph]
  • all: 5
  • RC: 1
  • I&N: 3
  • M&W: 1
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 18)
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 8.1.2-1
  • 14 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.