Overview Repositories Revisions Requests Users Attributes Meta

Revisions of python-Pillow

Gayane Osipyan's avatar Gayane Osipyan (gosipyan) accepted request 1142579 from Gayane Osipyan's avatar Gayane Osipyan (gosipyan) (revision 10) 
- Add CVE-2023-44271.patch to fix uncontrolled resource consumption
  when textlength in an ImageDraw instance operates on a long text
  argument
  bsc#1216894, CVE-2023-44271
Gayane Osipyan's avatar Gayane Osipyan (gosipyan) accepted request 1140839 from Darragh O'Reilly's avatar Darragh O'Reilly (doreilly) (revision 9) 
- Add 031-CVE-2023-50447.patch
   * From upstream, backported
   * Fixes CVE-2023-50447, bsc#1219048
Jan Zerebecki's avatar Jan Zerebecki (jzerebecki) accepted request 975059 from Gayane Osipyan's avatar Gayane Osipyan (gosipyan) (revision 8) 
- Add 030-CVE-2022-22817.patch
- Add 028-CVE-2022-22815.patch
- Add 029-CVE-2022-22816.patch
- Add 027-CVE-2021-23437.patch
   * From upstream, backported
   * Fixes CVE-2021-23437, bsc#1190229

- Add 026-CVE-2021-34552.patch
   * From upstream, backported
   * Fixes CVE-2021-34552, bsc#1188574
Guang Yee's avatar Guang Yee (yeey) accepted request 969572 from Meera Belur's avatar Meera Belur (mbelur) (revision 7) 
- Add 028-CVE-2022-22817.patch
   * From upstream, backported
   * Fixes CVE-2022-22817, bsc#1194521 
   * test from upstream updated for python2
Jan Zerebecki's avatar Jan Zerebecki (jzerebecki) accepted request 967161 from Meera Belur's avatar Meera Belur (mbelur) (revision 6) 
- Add 026-CVE-2022-22815.patch
   * From upstream, backported
   * Fixes CVE-2022-22815, bsc#1194552
- Add 027-CVE-2022-22816.patch
   * From upstream, backported
   * Fixes CVE-2022-22816, bsc#1194551
Johannes Grassler's avatar Johannes Grassler (jgrassler) accepted request 899425 from Jacek Tomasiak's avatar Jacek Tomasiak (jtomasiak) (revision 5) 
- Add 020-CVE-2020-35653.patch
   * From upstream, backported
   * Fixes CVE-2020-35653, bsc#1180834
- Add 021-CVE-2021-25287+8.patch
   * From upstream, backported
   * Fixes CVE-2021-25287, CVE-2021-25288, bsc#1185805, bsc#1185803
- Add 022-CVE-2021-28675.patch
   * From upstream, backported
   * Fixes CVE-2021-28675, bsc#1185804
- Add 023-CVE-2021-28678.patch
   * From upstream, backported
   * Fixes CVE-2021-28678, bsc#1185784
- Add 024-CVE-2021-28677.patch
   * From upstream, backported
   * Fixes CVE-2021-28677, bsc#1185785
- Add 025-CVE-2021-28676.patch
   * From upstream, backported
   * Fixes CVE-2021-28676, bsc#1185786

- Add 014-Tests-for-tiff-crashes.patch
   * From upstream, backported
   * Base change for later CVE test cases + on_ci() helper
- Add 015-Fix-for-SGI-Decode-buffer-overrun.patch
   * From upstream, backported
   * Fixes CVE-2020-35655, bsc#1180832
- Add 016-Fix-OOB-read-in-SgiRleDecode.patch
   * From upstream, backported
   * CVE-2021-25293, bsc#1183102
- Add 017-Fix-negative-size-read-in-TiffDecode.patch
   * From upstream, backported
Johannes Grassler's avatar Johannes Grassler (jgrassler) accepted request 818059 from Jacek Tomasiak's avatar Jacek Tomasiak (jtomasiak) (revision 4) 
- Add 010-Fix-OOB-reads-in-FLI-decoding.patch
   * From upstream, backported
   * Fixes CVE-2020-10177, bsc#1173413
- Add 011-Fix-buffer-overflow-in-SGI-RLE-decoding.patch
   * From upstream, backported
   * Fixes CVE-2020-11538, bsc#1173420
- Add 012-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
   * From upstream, backported
   * Fixes CVE-2020-10994, bsc#1173418
- Add 013-Fix-bounds-overflow-in-PCX-decoding.patch
   * From upstream, backported
   * Fixes CVE-2020-10378, bsc#1173416
Johannes Grassler's avatar Johannes Grassler (jgrassler) accepted request 816080 from Jacek Tomasiak's avatar Jacek Tomasiak (jtomasiak) (revision 3) 
- Remove decompression_bomb.gif and relevant test case to avoid
  ClamAV scan alerts during build
Johannes Grassler's avatar Johannes Grassler (jgrassler) accepted request 811228 from Jacek Tomasiak's avatar Jacek Tomasiak (jtomasiak) (revision 2) 
- Add 001-Corrected-negative-seeks.patch
   * From upstream, backported
   * Fixes part of CVE-2019-16865, bsc#1153191
- Add 002-Added-decompression-bomb-checks.patch
   * From upstream, backported
   * Fixes part of CVE-2019-16865, bsc#1153191
- Add 003-Raise-error-if-dimension-is-a-string.patch
   * From upstream, backported
   * Fixes part of CVE-2019-16865, bsc#1153191
- Add 004-Catch-buffer-overruns.patch
   * From upstream, backported
   * Fixes part of CVE-2019-16865, bsc#1153191
- Add 005-Catch-PCX-P-mode-buffer-overrun.patch
   * From upstream, backported
   * Fixes CVE-2020-5312, bsc#1160152
- Add 006-Catch-SGI-buffer-overruns.patch
   * From upstream, backported
   * Fixes CVE-2020-5311, bsc#1160151
- Add 007-Ensure-previous-FLI-frame-is-loaded.patch
   * From upstream, backported
   * Fixes https://github.com/python-pillow/Pillow/issues/2649
   * Uncovers CVE-2020-5313, bsc#1160153
- Add 008-Catch-FLI-buffer-overrun.patch
   * From upstream, backported
   * Fixes CVE-2020-5313, bsc#1160153
- Add 009-Invalid-number-of-bands-in-FPX-image.patch
   * From upstream, backported
   * Fixes CVE-2019-19911, bsc#1160192
Johannes Grassler's avatar Johannes Grassler (jgrassler) committed (revision 1) 
osc copypac from project:Cloud:OpenStack:Master package:python-Pillow revision:1, using expand
Displaying all 10 revisions
openSUSE Build Service is sponsored by
Places