Debian Patches

Status for pillow/8.1.2+dfsg-0.3+deb11u2

Patch Description Author Forwarded Bugs Origin Last update
toplevel-setup.py no
generate-webp-file no
js-script-file.diff no
no-sphinx-removed-in.diff no
CVE-2021-25287_CVE-2021-25288.patch [PATCH] Fix OOB Read in Jpeg2KDecode CVE-2021-25287,CVE-2021-25288
* For J2k images with multiple bands, it's legal in to have different
widths for each band, e.g. 1 byte for L, 4 bytes for A
* This dates to Pillow 2.4.0		 Eric Soroos <eric-github@soroos.net> no 2021-03-07
CVE-2021-28675.patch [PATCH] Fix DOS in PSDImagePlugin -- CVE-2021-28675
* PSDImagePlugin did not sanity check the number of input layers and
vs the size of the data block, this could lead to a DOS on
Image.open prior to Image.load.
* This issue dates to the PIL fork		 Eric Soroos <eric-github@soroos.net> no 2021-03-07
CVE-2021-28676.patch [PATCH] Fix FLI DOS -- CVE-2021-28676
* FliDecode did not properly check that the block advance was
non-zero, potentally leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz		 Eric Soroos <eric-github@soroos.net> no 2021-03-11
CVE-2021-28677.patch [PATCH] Fix EPS DOS on _open -- CVE-2021-28677
* The readline used in EPS has to deal with any combination of \r and
\n as line endings. It used an accidentally quadratic method of
accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
the open phase, before an image was accepted for opening.
* This dates to the PIL Fork

diff --git a/src/PIL/EpsImagePlugin.py b/src/PIL/EpsImagePlugin.py
index dc61f48edc9..3bf8ee0ab35 100644		 Eric Soroos <eric-github@soroos.net> no 2021-03-08
CVE-2021-28678.patch [PATCH] Fix BLP DOS -- CVE-2021-28678
* BlpImagePlugin did not properly check that reads after jumping to
file offsets returned data. This could lead to a DOS where the
decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0

diff --git a/src/PIL/BlpImagePlugin.py b/src/PIL/BlpImagePlugin.py
index 88aae80eb96..e07474621d9 100644		 Eric Soroos <eric-github@soroos.net> no 2021-03-07
CVE-2021-34552.patch [PATCH 2/2] Use snprintf instead of sprintf
* https://github.com/python-pillow/Pillow/pull/5567/files
* Replace sprintf with snprintf in src/libImaging/Convert.c		 Andrew Murray <radarhere@users.noreply.github.com> no 2021-06-30
CVE-2022-22815_CVE-2022-22816_CVE-2022-22817.patch Backport of
https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (CVE-2022-22815)
https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (CVE-2022-22816)
https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (CVE-2022-22817)		 no
CVE-2022-22817-2.patch Restrict builtins within lambdas for ImageMath.eval
(cherry picked from commit c930be0758ac02cf15a2b8d5409d50d443550581)		 Andrew Murray <radarhere@users.noreply.github.com> no 2022-01-10
dont-allow-__-or-builtins-in-env-diction.patch Don't allow __ or builtins in env dictionarys for ImageMath.eval
(cherry picked from commit 45c726fd4daa63236a8f3653530f297dc87b160a)		 Eric Soroos <eric-github@soroos.net> no 2023-10-27
allow-ops.patch Allow ops
(cherry picked from commit 0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80)		 Andrew Murray <radarhere@users.noreply.github.com> no 2023-10-28
include-further-builtins.patch Include further builtins
(cherry picked from commit 557ba59d13de919d04b3fd4cdef8634f7d4b3348)		 Andrew Murray <radarhere@users.noreply.github.com> no 2023-12-30
use-strncpy-to-avoid-buffer-overflow.patch Use strncpy to avoid buffer overflow
(cherry picked from commit 2a93aba5cfcf6e241ab4f9392c13e3b74032c061)		 Andrew Murray <radarhere@users.noreply.github.com> no 2024-02-22
added-imagefont.max_string_length.patch Added ImageFont.MAX_STRING_LENGTH
(cherry picked from commit 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7)		 Andrew Murray <radarhere@users.noreply.github.com> no 2023-06-30

All known versions for source package 'pillow'

Links