1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3710-1] pillow security update

    From Moritz Muehlenhoff@1:229/2 to All on Thu Nov 10 23:20:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3710-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 10, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : pillow
    CVE ID : CVE-2016-9189 CVE-2016-9190

    Cris Neckar discovered multiple vulnerabilities in Pillow, a Python
    imaging library, which may result in the execution of arbitrary code or information disclosure if a malformed image file is processed.

    For the stable distribution (jessie), these problems have been fixed in
    version 2.6.1-2+deb8u3.

    For the testing distribution (stretch), these problems have been fixed
    in version 3.4.2-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 3.4.2-1.

    We recommend that you upgrade your pillow packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIcBAEBCAAGBQJYJPAgAAoJEBDCk7bDfE421K8QAIMule3HpGCBoZzgr4q/klhm 2PVJsVojEZmThAoi+3ag2U/+tCVuCQygpCo7GEvffpYKk8a1JNbPAOrVR1DeExzO dD6H9W3K11rMxn298yESNxqHdME/h3IC7iqeGnL1ZWMi8/YnAofzt+DnoOF+iHLQ uK238iUSe5cPvL3K46G6vHIQc44bW7vhlLV6xKRw8VgkDD9+kq2rv+gxEqmMUV50 kX0Q/Vul1qUopbr8OhUsKTf8XvYlSx6vajw/Rgfg0BsBb1S4a/JIAfbX0CecpgSm Be4oHyaN1N41ZYfkZSK9ehRaQOkWEKL90hDTwUgswY9xV2n6vZD3sZZTz5TLi9sz TB8Segnty6SWjPDZU/ox/GyePujK7OfKf0/SY5FaLuL73D6LpHSAXm15mvX4BMQ2 mxA7LWgits+M6vHA242Un43lBFnprKPvT2cw9Rv01s9wj8NAa1o049fLkNe16Kl7 Zv4wXIFrDMT9wlGPfoG3dILLLoKEiyQZbLbEZMsv+o7n4E+QyFKruaQdLKtdDd9T kh287vjoEDZgWTEdfV/9rLtqDcLT7mn20wWKf6kKLrNKSenguEiR1LmxL4s9uSSn dO994c0VO+9B9gjA7lr2PyPQ29EhjhkqSOnHdv57l9G+THWV+gRPtyC1crAH4g8A WL8qz/c75BNGap0x0Gv7
    =N5cx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)