pillow: patch or security update to 6.2.0 #2032

KexyBiscuit · 2019-10-08T05:00:34Z

CVE IDs: CVE-2019-16865

Other security advisory IDs: N/A

Descriptions: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

Patches: python-pillow/Pillow#4101, python-pillow/Pillow#4102, python-pillow/Pillow#4103, python-pillow/Pillow#4104

PoC(s): N/A

Architectural progress:

AMD64 amd64
AArch64 arm64
ARMv7 armel
PowerPC 64-bit BE ppc64

The text was updated successfully, but these errors were encountered:

MingcongBai · 2020-04-20T23:11:40Z

All done. @l2dy Please assign an AOSA.

l2dy · 2020-04-21T05:11:12Z

Use AOSA-2020-0071.

KexyBiscuit added upgrade Topic/issue involves a package upgrade security Topic/issue involves a security issue/fixed to-testing labels Oct 8, 2019

KexyBiscuit added this to the Fall 2019 milestone Oct 8, 2019

KexyBiscuit self-assigned this Oct 8, 2019

MingcongBai removed the to-testing label Apr 20, 2020

MingcongBai closed this as completed Apr 20, 2020

MingcongBai added the aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment label Apr 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pillow: patch or security update to 6.2.0 #2032

pillow: patch or security update to 6.2.0 #2032

KexyBiscuit commented Oct 8, 2019 •

edited by MingcongBai

MingcongBai commented Apr 20, 2020

l2dy commented Apr 21, 2020

pillow: patch or security update to 6.2.0 #2032

pillow: patch or security update to 6.2.0 #2032

Comments

KexyBiscuit commented Oct 8, 2019 • edited by MingcongBai

MingcongBai commented Apr 20, 2020

l2dy commented Apr 21, 2020

KexyBiscuit commented Oct 8, 2019 •

edited by MingcongBai