Bug#991298: marked as done (unblock: pillow/8.1.2+dfsg-0.3)

To: Graham Inggs <ginggs@debian.org>
Subject: Bug#991298: marked as done (unblock: pillow/8.1.2+dfsg-0.3)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 20 Jul 2021 15:57:06 +0000
Message-id: <[🔎] handler.991298.D991298.162679641329778.ackdone@bugs.debian.org>
Reply-to: 991298@bugs.debian.org
References: <CAM8zJQsfZvXFbRcA8bDHpUhr3fsMecWtkdVmr3B3qWAje285PQ@mail.gmail.com> <[🔎] 162677151294.1063.13454842177657028818.reportbug@felix.codehelp>

Your message dated Tue, 20 Jul 2021 17:53:18 +0200
with message-id <CAM8zJQsfZvXFbRcA8bDHpUhr3fsMecWtkdVmr3B3qWAje285PQ@mail.gmail.com>
and subject line Re: Bug#991298: unblock: pillow/8.1.2+dfsg-0.3
has caused the Debian Bug report #991298,
regarding unblock: pillow/8.1.2+dfsg-0.3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991298: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991298
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: pillow/8.1.2+dfsg-0.3
From: Neil Williams <codehelp@debian.org>
Date: Tue, 20 Jul 2021 09:58:32 +0100
Message-id: <[🔎] 162677151294.1063.13454842177657028818.reportbug@felix.codehelp>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pillow

8.1.2+dfsg-0.3 includes fix for CVE-2021-34552

unblock pillow/8.1.2+dfsg-0.3

diffstat for pillow-8.1.2+dfsg pillow-8.1.2+dfsg

 changelog                    |    8 ++++++++
 patches/CVE-2021-34552.patch |   40 ++++++++++++++++++++++++++++++++++++++++
 patches/series               |    1 +
 3 files changed, 49 insertions(+)

diff -Nru pillow-8.1.2+dfsg/debian/changelog pillow-8.1.2+dfsg/debian/changelog
--- pillow-8.1.2+dfsg/debian/changelog	2021-06-13 17:11:04.000000000 +0100
+++ pillow-8.1.2+dfsg/debian/changelog	2021-07-19 09:52:20.000000000 +0100
@@ -1,3 +1,11 @@
+pillow (8.1.2+dfsg-0.3) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * CVE-2021-34552 - Replace sprintf with snprintf. Backport upstream change
+    from 8.3 to 8.1. 
+
+ -- Neil Williams <codehelp@debian.org>  Mon, 19 Jul 2021 09:52:20 +0100
+
 pillow (8.1.2+dfsg-0.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru pillow-8.1.2+dfsg/debian/patches/CVE-2021-34552.patch pillow-8.1.2+dfsg/debian/patches/CVE-2021-34552.patch
--- pillow-8.1.2+dfsg/debian/patches/CVE-2021-34552.patch	1970-01-01 01:00:00.000000000 +0100
+++ pillow-8.1.2+dfsg/debian/patches/CVE-2021-34552.patch	2021-07-19 09:51:59.000000000 +0100
@@ -0,0 +1,40 @@
+From 5f4504bb03f4edeeef8c2633dc5ba03a4c2a8a97 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Tue, 15 Jun 2021 15:14:26 +1000
+Subject: [PATCH 1/2] Limit sprintf modes to 10 characters
+
+From 518ee3722a99d7f7d890db82a20bd81c1c0327fb Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Wed, 30 Jun 2021 23:47:10 +1000
+Subject: [PATCH 2/2] Use snprintf instead of sprintf
+
+* https://github.com/python-pillow/Pillow/pull/5567/files
+* Replace sprintf with snprintf in src/libImaging/Convert.c
+
+---
+--- a/src/libImaging/Convert.c
++++ b/src/libImaging/Convert.c
+@@ -1664,9 +1664,8 @@
+ #ifdef notdef
+         return (Imaging) ImagingError_ValueError("conversion not supported");
+ #else
+-        static char buf[256];
+-        /* FIXME: may overflow if mode is too large */
+-        sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
++        static char buf[100];
++        snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
+         return (Imaging) ImagingError_ValueError(buf);
+ #endif
+     }
+@@ -1724,9 +1723,8 @@
+     }
+ #else
+     {
+-      static char buf[256];
+-      /* FIXME: may overflow if mode is too large */
+-      sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
++      static char buf[100];
++      snprintf(buf, 100, "conversion from %.10s to %.10s not supported in convert_transparent", imIn->mode, mode);
+       return (Imaging) ImagingError_ValueError(buf);
+     }
+ #endif
diff -Nru pillow-8.1.2+dfsg/debian/patches/series pillow-8.1.2+dfsg/debian/patches/series
--- pillow-8.1.2+dfsg/debian/patches/series	2021-06-13 17:10:51.000000000 +0100
+++ pillow-8.1.2+dfsg/debian/patches/series	2021-07-19 09:45:27.000000000 +0100
@@ -7,3 +7,4 @@
 CVE-2021-28676.patch
 CVE-2021-28677.patch
 CVE-2021-28678.patch
+CVE-2021-34552.patch

--- End Message ---

--- Begin Message ---

To: Neil Williams <codehelp@debian.org>, 991298-done@bugs.debian.org

Subject: Re: Bug#991298: unblock: pillow/8.1.2+dfsg-0.3

From: Graham Inggs <ginggs@debian.org>

Date: Tue, 20 Jul 2021 17:53:18 +0200

Message-id: <CAM8zJQsfZvXFbRcA8bDHpUhr3fsMecWtkdVmr3B3qWAje285PQ@mail.gmail.com>

In-reply-to: <[🔎] 162677151294.1063.13454842177657028818.reportbug@felix.codehelp>

References: <[🔎] 162677151294.1063.13454842177657028818.reportbug@felix.codehelp>
Unblocked.
--- End Message ---

Reply to:

References:
- Bug#991298: unblock: pillow/8.1.2+dfsg-0.3
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: Bug#991321: unblock: dovecot/1:2.3.13+dfsg1-2
Next by Date: Bug#991270: marked as done (unblock: suricata/6.0.1-3)
Previous by thread: Bug#991298: unblock: pillow/8.1.2+dfsg-0.3
Next by thread: Bug#991302: unblock: smem/1.5-1.1
Index(es):
- Date
- Thread