File _patchinfo of Package patchinfo.4771

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.4771

<patchinfo incident="4771">
  <issue id="965579" tracker="bnc">VUL-0: CVE-2016-0740: python-pillow: Integer overflow resulting in buffer overflow when reading invalid tiff file</issue>
  <issue id="965582" tracker="bnc">VUL-0: CVE-2016-0775: python-pillow: Buffer overflow in FliDecode.c</issue>
  <issue id="CVE-2016-0775" tracker="cve" />
  <issue id="CVE-2016-0740" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>matejcik</packager>
  <description>
This update for python-Pillow fixes the following issues:

- backport security fixes from 3.1.1 (Pillow-overflows.patch):
  * Fixed an integer overflow in Resample.c causing writes in the Python heap. 
  * Fixed a buffer overflow in PcdDecode.c causing a segfault when opening 
    PhotoCD files. CVE-2016-TBD
  * Fixed a buffer overflow in FliDecode.c causing a segfault when opening 
    FLI files. CVE-2016-0775 (fixes boo#965582)
  * Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of 
    memory to be overwritten when opening a specially crafted invalid TIFF 
    file. CVE-2016-0740 (fixes boo#965579)
</description>
  <summary>Security update for python-Pillow</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.4771

Places