[SECURITY] [DLA 3786-1] pillow security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3786-1] pillow security update
From: Adrian Bunk <bunk@debian.org>
Date: Wed, 10 Apr 2024 23:54:46 +0300
Message-id: <[🔎] Zhb8lh2BmMEy9RwZ@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3786-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 10, 2024                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pillow
Version        : 5.4.1-2+deb10u6
CVE ID         : CVE-2024-28219

A buffer overflow in _imagingcms.c was fixed in Pillow,
an image processing library for Python.

For Debian 10 buster, this problem has been fixed in version
5.4.1-2+deb10u6.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYW/JIACgkQiNJCh6LY
mLGV4g/+Mjsiv7qkJ3Q+itDho3j0CChxqNdk/nzeodIDVIOJKiJS3vDyIl+qO2Qd
RHC4JRCh71stGIJzqs16bcScUFcq1QOxq3Y9x/4rxpZuwzbAaltjYkbu/CReGxCC
KRZmYKbxVwUeQjCNZ/gzRA+YPT51CI1vavYH2ml/Pdh1VTkHY2xDm0fCBnFO6Y8g
idjHOc5+b9tVjV0wX/aMMpocU87EJGUTwu8gLl5eHyuFzzPYzOviz2ZHV514nRgr
2I2Bjkiu1az2l/OjJLGVCgRKjGxcPL6xxENGcofIEFyKZNWxuNSNO1dWYl9N/7pk
6u0u3f8L8VeogsafLVMAAK4M39nBIyl5cSvLgz8qgWSUvNwHRLvEB2pN5elvPxqH
y1ZtnQjmV7/MOyvGAIjxAz+VDF+X382yaQDxT2+qeOIPessTIytyeVsC0cs6/vmN
o8PjE1b4KWFwmVcCJH7xJnxIBFWWuYSN/N4hfxh7JRLW0okrEfCxzBM9H2mh654x
oQLkmITlSH7wd3NCUn7/EQVvqVfWCy+jC0fMyTfPzSaViUmGCvW44AlyDcMdx41E
huPKV9RvXuW57zrEk9fUAZS4nowPFMI9/URlh5eWTLkcPcqjaTMkGjGw3wwL8t0y
bFVZc3oxNY0Ug7pun+jW9gVsrOmZD192XjbKUjczgcPsSt09BpU=
=8ogI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3785-1] gtkwave security update
Next by Date: [SECURITY] [DLA 3787-1] xorg-server security update
Previous by thread: [SECURITY] [DLA 3785-1] gtkwave security update
Next by thread: [SECURITY] [DLA 3787-1] xorg-server security update
Index(es):
- Date
- Thread