[SECURITY] [DLA 2317-1] pillow security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2317-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
August 08, 2020 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : pillow
Version : 4.0.0-4+deb9u2
CVE ID : CVE-2020-10177
It was noticed that in Pillow before 7.1.0, there are multiple
out-of-bounds reads in libImaging/FliDecode.c.
For Debian 9 stretch, this problem has been fixed in version
4.0.0-4+deb9u2.
We recommend that you upgrade your pillow packages.
For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl8u6OcACgkQgj6WdgbD
S5bBwQ/+PCLae1ky4d/WeF769BoUXsdA9CQcy4ZMCKAoD2DCPDdRlo/uwjG1gfds
3dncVBxoWIvROAWLskjSJSQ73zdNcvzYWadfwGg9RjMuisGmY3QXTBE4473Xl0dp
aBejZ2++NZ5vwAzgsj6meeZQtIVbNcSkduT4fgUPXQAXUh5IYm+UcrU82j8VAbKx
J/z7iftO7OjaJEZegmBD7tBd3DiEtGceHHxzKik4r4gq1ZIPloz68kuI/DXp+XIS
hrEoshJvrJ2NtoUsrpRmWkO/aw0dkPJebeHs+mcXCpCobQ+lWiR7AUOnuzO/kGtO
pvzcfbBNQcTXX9uFPpin4ZVAtQecrzNlxx/WXIRtlowvMoh8y/3LuQOg4xEHIyWv
Ae+CwC/e8MdDVGvY+QTBjzXLrlURFw/USbLDzVCeXyvlXF2yGMvToyUibMZbPcs/
B+oGioE7BF7QSnSIlDQcEHUX9esYEg47GiHWh/SbWaSDOYZgOBlROzyKh4HQeQ/p
y2SVH8tKmBn+sJQdKD70y9iiz2UaMCuiSwwRTXx4Gsvj5wQpoSbiZMxbrRrKt5VX
ckfWReSLqiuWpddIWDzhsZ4AP2Lqv1XRAZj/h2jBb6coZdeKMv9fnpMoRiDrRsss
RTvxOfHh3us6K2KE/dGiBpzYM1rHKXwBoUCR3wVfiWHxVqYNTzA=
=uo3f
-----END PGP SIGNATURE-----
Reply to: