Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5704-1] pillow security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5704-1] pillow security update


Chronologisch Thread  
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5704-1] pillow security update
  • Date: Wed, 5 Jun 2024 18:58:57 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZmC1cc3u8vTk+hu1 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=OC1vzdx3Atf3cCwH4R4YdH39q0gZKMdRG1wxxpdkNrU=; b=uF 0ZPxUgw+JD5X0FPRCXdcbynAErKyhIRIOH1kYn7LGpEGxQr1E3VuB/tHs/UB7bR6NoyAliJAGGU/I 5WhFTyAuZGdN8kaIRAQZVcfW3kxMYflnVD8vWGpKdKLg0uR2Z8O6I0MNc1Zg2IG1NNyD5zOA0YV1H dBBs4lEd2a+MIjCDGGsPO1HLJavSf/JwcyEkuqabNKjynqoPISSmw3fve7bTQPgocXWlnQz60L/wa fSz5yloYjPA4Qif1Goe31e9Wp7u1cUU/PBSEbG7ZzzjwL9ahE7hnmR4BTnqwQcWlW7IxsrtH6kBTr BThynTyfrwReO8zN4fZ1OxsnrvIqxuaw==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 5 Jun 2024 18:59:18 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <YpzI0K8ygwN.A.b-zJ.GWLYmB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5704-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 05, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pillow
CVE ID : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 8.1.2+dfsg-0.3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.0-1.1+deb12u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJUACgkQEMKTtsN8
TjZpSw//Ya0Ju4SEXNXTdbLtSMkJ/Mw76ooJgrvI3GaLSarant6LcK7WzyOnjbCH
9YKKPojJCyfa5RwBqphHU97dQ9apYmVRv5GVQdw7tjm+s0Uuu3oRMiE+S8c3FVBn
Yl6nqiTAeQnGERWAnxH2be4P6p2izWaFgK4cBHY4Q958bivB3ebGgS8DfdtuhiQo
8tRdM0PREuF+xwiDb9UTRLqGGVNY+k8orkr7Imecu8IS2PakID4bnBB9AxwJ8hCC
bRzNITaCh2c5BvovWNw8LADXH6mhYsnvWy0xlhDp7wrFuJBktzuXXLQuIxRkKcm0
QVO65rGFI7vrTMxdtxM7ORdnUa6OMxcOwTEYeQwVcQs4k4J7M3WTtH8rz9Bgtca1
DdY9foJw34bXitliJeekBibxoPbiQV+jluJAJOIvLVJ5eVeBKIowCsFmFgQbcHSb
CgVA8khMMIcp4XFi3NypH2MkTJvJK+0RqchtaVmVFWoNnbamGoyr9Ml+YZbsLP22
kBBXSYw9MYCm8ZPN43owNhPHxD38rSg25hJYJOjVkLHoGZYMNse74xZkEaJpyPXk
5WS1QM7qYEcG1RK7a44E6xRXU4rLUfLJWCHPWsLLRTNVbKnm1EQsipbKnS4fGjc5
9dOD8HfNvRbwSpQ/+w9m3L/QU2F015d69UzgG1piGddGBdzLvdE=
=oUWM
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5704-1] pillow security update, Moritz Muehlenhoff, 05.06.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang