[SECURITY] [DSA 5704-1] pillow security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5704-1] pillow security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 5 Jun 2024 18:58:57 +0000
Message-id: <[🔎] ZmC1cc3u8vTk+hu1@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5704-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 05, 2024                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pillow
CVE ID         : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 8.1.2+dfsg-0.3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.0-1.1+deb12u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJUACgkQEMKTtsN8
TjZpSw//Ya0Ju4SEXNXTdbLtSMkJ/Mw76ooJgrvI3GaLSarant6LcK7WzyOnjbCH
9YKKPojJCyfa5RwBqphHU97dQ9apYmVRv5GVQdw7tjm+s0Uuu3oRMiE+S8c3FVBn
Yl6nqiTAeQnGERWAnxH2be4P6p2izWaFgK4cBHY4Q958bivB3ebGgS8DfdtuhiQo
8tRdM0PREuF+xwiDb9UTRLqGGVNY+k8orkr7Imecu8IS2PakID4bnBB9AxwJ8hCC
bRzNITaCh2c5BvovWNw8LADXH6mhYsnvWy0xlhDp7wrFuJBktzuXXLQuIxRkKcm0
QVO65rGFI7vrTMxdtxM7ORdnUa6OMxcOwTEYeQwVcQs4k4J7M3WTtH8rz9Bgtca1
DdY9foJw34bXitliJeekBibxoPbiQV+jluJAJOIvLVJ5eVeBKIowCsFmFgQbcHSb
CgVA8khMMIcp4XFi3NypH2MkTJvJK+0RqchtaVmVFWoNnbamGoyr9Ml+YZbsLP22
kBBXSYw9MYCm8ZPN43owNhPHxD38rSg25hJYJOjVkLHoGZYMNse74xZkEaJpyPXk
5WS1QM7qYEcG1RK7a44E6xRXU4rLUfLJWCHPWsLLRTNVbKnm1EQsipbKnS4fGjc5
9dOD8HfNvRbwSpQ/+w9m3L/QU2F015d69UzgG1piGddGBdzLvdE=
=oUWM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5703-1] linux security update
Next by Date: [SECURITY] [DSA 5705-1] tinyproxy security update
Previous by thread: [SECURITY] [DSA 5703-1] linux security update
Next by thread: [SECURITY] [DSA 5705-1] tinyproxy security update
Index(es):
- Date
- Thread