[SECURITY] [DSA 6219-1] pillow security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6219-1] pillow security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 19 Apr 2026 18:22:47 +0000
Message-id: <[🔎] aeUddzt5VZz3ylkq@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6219-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 19, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pillow
CVE ID         : CVE-2026-40192

It was discovered that missing input sanitising in the FITS support of
Pillow, a Python imaging library, could result in denial of service.

The oldstable distribution (bookworm) is not affected.

For the stable distribution (trixie), this problem has been fixed in
version 11.1.0-5+deb13u2.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnlG1AACgkQEMKTtsN8
TjZ5pw//ZhrwT5Uvs+C3LLazO8yJ9E6N7OEed0YQJ2zqtC9NcDMc/FprWSNfF0ge
Mufc+2GS20rXcMQWHjIWiF0rm+78OKtBPhRKzib8sE9h1RcnKzuBJNlzw+GjmAEl
CYebPZVoD2I+vwn6q1KSq7lRL8tJzTGnSMV+5jQa/6cSmwqP39pP+THPTuhVIws7
ooltIcpcZreLalJP7GoHPmUeSdT0MTVncDVQpGJ4ACogfQ/RPVwElsZlQr3ZFflt
X+LiQJEsbu1DUaHl0nDkyYGlYF0dRWqBuvoQMnQfnyJdp9zZauS3329yCMh2UrsF
CelRICrpMzZmUes6agpHs9I+Z4N2F8MpZ5LCp3JgsiJcqP6vgna82Qx91A3VH9Wd
2fnpNn7luUKvbhw9EHX2jTBKiMz09nACQq3Uxl3XzDFpB65XJVSm2Wut9saC/biV
wmnXFCWUAyXb6pB/R7ye+2ga3f0d1MGWZmU0VIv3HKWu3Mg2g34DK+P7obKz5hOs
ahKxKR1KwnGl2trdgxdsL/p4IHKNThNOvZfxOj4sFG1dLRJa4ry8QKtlaqsus/zl
sEyTx/xZ5pfp4yl3zp0f+i9Oas5pNB8Vszb9SWqRu9zEahjJ7QgMfpJo9pNHcJxv
TPDt4a6TKFn815fW+W9c+ZCF9+UCBnItiWJ85BSAKgrOT2H7HKE=
=MECh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6218-1] mupdf security update
Next by Date: [SECURITY] [DSA 6220-1] simpleeval security update
Previous by thread: [SECURITY] [DSA 6218-1] mupdf security update
Next by thread: [SECURITY] [DSA 6220-1] simpleeval security update
Index(es):
- Date
- Thread