pillow - Debian Package Tracker

general

source: pillow (main)
version: 8.1.2-1
maintainer: Matthias Klose (DMD)
arch: all any
std-ver: 4.5.1
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 4.0.0-4+deb9u1
old-sec: 4.0.0-4+deb9u2
stable: 5.4.1-2+deb10u2
stable-sec: 5.4.1-2+deb10u1
testing: 8.1.2-1
unstable: 8.1.2-1

versioned links

4.0.0-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.0-4+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.1-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.1-2+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-pil-doc
python3-pil
python3-pil-dbg
python3-pil.imagetk
python3-pil.imagetk-dbg

action needed

A new upstream version is available: 8.2.0 high

A new upstream version 8.2.0 is available, you should consider packaging it.

Created: 2021-04-02 Last update: 2021-04-12 04:32

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-04-12 04:02

lintian reports 18 warnings normal

Lintian reports 18 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:04

9 low-priority security issues in buster low

There are 9 open security issues in buster.

6 issues left for the package maintainer to handle:

CVE-2020-35653: (needs triaging) In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
CVE-2020-35655: (needs triaging) In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
CVE-2021-25290: (needs triaging) An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25291: (needs triaging) An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
CVE-2021-25292: (needs triaging) An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVE-2021-25293: (needs triaging) An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

You can find information about how to handle these issues in the security team's documentation.

3 ignored issues:

CVE-2021-27921: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2021-27922: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27923: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

Created: 2021-02-19 Last update: 2021-04-05 06:04

news

[rss feed]

[2021-03-14] pillow 8.1.2-1 MIGRATED to testing (Debian testing watch)
[2021-03-09] Accepted pillow 8.1.2-1 (source) into unstable (Matthias Klose)
[2021-03-09] pillow 8.1.1-1 MIGRATED to testing (Debian testing watch)
[2021-03-04] Accepted pillow 8.1.1-1 (source) into unstable (Matthias Klose)
[2021-01-11] pillow 8.1.0-1 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted pillow 8.1.0-1 (source) into unstable (Matthias Klose)
[2020-11-01] pillow 8.0.1-1 MIGRATED to testing (Debian testing watch)
[2020-10-29] Accepted pillow 8.0.1-1 (source) into unstable (Matthias Klose)
[2020-10-19] Accepted pillow 8.0.0-1 (source) into experimental (Matthias Klose)
[2020-08-08] Accepted pillow 4.0.0-4+deb9u2 (source all amd64) into oldstable (Utkarsh Gupta)
[2020-07-25] Accepted pillow 5.4.1-2+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2020-07-18] pillow 7.2.0-1 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted pillow 7.2.0-1 (source) into unstable (Matthias Klose)
[2020-04-24] pillow 7.0.0-4 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted pillow 4.0.0-4+deb9u1 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Mühlenhoff)
[2020-02-25] Accepted pillow 5.4.1-2+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2020-02-21] Accepted pillow 4.0.0-4+deb9u1 (source all amd64) into oldstable->embargoed, oldstable (Moritz Mühlenhoff)
[2020-02-21] Accepted pillow 5.4.1-2+deb10u1 (source amd64 all) into stable->embargoed, stable (Moritz Mühlenhoff)
[2020-01-29] Accepted pillow 7.0.0-4 (source) into unstable (Matthias Klose)
[2020-01-12] Accepted pillow 7.0.0-3 (source) into unstable (Matthias Klose)
[2020-01-06] Accepted pillow 2.6.1-2+deb8u4 (source all amd64) into oldoldstable (Chris Lamb)
[2020-01-06] Accepted pillow 7.0.0-2 (source) into unstable (Matthias Klose)
[2020-01-06] Accepted pillow 7.0.0-1 (source) into unstable (Matthias Klose)
[2019-12-30] pillow 6.2.1-2 MIGRATED to testing (Debian testing watch)
[2019-11-04] Accepted pillow 6.2.1-2 (source) into unstable (Matthias Klose)
[2019-10-26] Accepted pillow 6.2.1-1 (source) into unstable (Matthias Klose)
[2019-10-19] pillow 6.2.0-1 MIGRATED to testing (Debian testing watch)
[2019-10-16] Accepted pillow 6.2.0-1 (source) into unstable (Matthias Klose)
[2019-07-10] pillow 6.1.0-1 MIGRATED to testing (Debian testing watch)
[2019-07-07] Accepted pillow 6.1.0-1 (source) into unstable (Matthias Klose)

bugs [bug history graph]

all: 5
RC: 1
I&N: 3
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (0, 18)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 8.1.2-1
14 bugs