it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4631-1] pillow security update
- Date: Fri, 21 Feb 2020 20:22:04 +0000
- List-archive: https://lists.debian.org/msgid-search/20200221202204.niashoutb5spaqlz AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Fri, 21 Feb 2020 20:22:22 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <Egb6rlwXcuJ.A.7U.9vDUeB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4631-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 21, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pillow
CVE ID : CVE-2019-16865 CVE-2019-19911 CVE-2020-5311
CVE-2020-5312 CVE-2020-5313
Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service and potentially the
execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images
are processed.
For the oldstable distribution (stretch), these problems have been fixed
in version 4.0.0-4+deb9u1.
For the stable distribution (buster), these problems have been fixed in
version 5.4.1-2+deb10u1.
We recommend that you upgrade your pillow packages.
For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5QOzIACgkQEMKTtsN8
TjZzcg//eThj2Y9H99WWjofkjBkdatYwRdvjSonoBrJrCrz9QUVxXA/iNW/iq9yP
malKasWb4B4CqZhsOsJM3qF5nRb7UYvFR4RW5On/Q3pvtV4Gb5MoT+/e6yurKXmF
3mDh3NP52zpb5TECiIr8FicGz1oh5ouChwDUUAIuUTdbtR/gi8zzmaK+eE2XeGVD
4ZVyI+W/cj/57emvOtz1aBbEJZ8eNvrslDS5wCfOdGnixcZSDAfUWKUQmgAjZ0NQ
oH5AeHK6uAnrFFpaTv/o8SkTJJl8ciNO/XM42vfTO1qpVXsBMxAWrU6HrLITo5Y3
SSI1VV/2YBQLnzrwFBkLA+Eeo3v4z7bv1Z+4AGKfPDiw7s2BQ4yaQ+TiW64AfGNr
oIwEiQCO78EjcoMURfuypbqBZjC38TXMUk7nh6Yq5cOU9HY49TN1JlBPIfqot4A3
hBblu/eNhNeTuJESXkFWgFJcyym2g53QN8dUPs9vWMJuRy9bDn3HOAeFaXAsYkvG
WCn0BOS/GR+I1EH06gPszl65a1bVZo2TkEOhTKfvxHqtrNsfXVdhJzmjiOJrSbb6
7ZKNTicdmdBM5MQ9QL0FqMztOVWPmslqMJ0GILez4NBKXQKppOn6yABzkKDQS79b
7YgeXVatItdO/fJBKx3+/LCux3BOD+pLgCwJj3pXvW2XXcPWyYk=
=Wbg1
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4631-1] pillow security update, Moritz Muehlenhoff, 21.02.2020
Archiv bereitgestellt durch MHonArc 2.6.19.