• [SECURITY] [DSA 5704-1] pillow security update

    From Moritz Muehlenhoff@21:1/5 to All on Wed Jun 5 21:10:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5704-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    June 05, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : pillow
    CVE ID : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219

    Multiple security issues were discovered in Pillow, a Python imaging
    library, which could result in denial of service or the execution of
    arbitrary code if malformed images are processed.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 8.1.2+dfsg-0.3+deb11u2.

    For the stable distribution (bookworm), these problems have been fixed in version 9.4.0-1.1+deb12u1.

    We recommend that you upgrade your pillow packages.

    For the detailed security status of pillow please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/pillow

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJUACgkQEMKTtsN8 TjZpSw//Ya0Ju4SEXNXTdbLtSMkJ/Mw76ooJgrvI3GaLSarant6LcK7WzyOnjbCH 9YKKPojJCyfa5RwBqphHU97dQ9apYmVRv5GVQdw7tjm+s0Uuu3oRMiE+S8c3FVBn Yl6nqiTAeQnGERWAnxH2be4P6p2izWaFgK4cBHY4Q958bivB3ebGgS8DfdtuhiQo 8tRdM0PREuF+xwiDb9UTRLqGGVNY+k8orkr7Imecu8IS2PakID4bnBB9AxwJ8hCC bRzNITaCh2c5BvovWNw8LADXH6mhYsnvWy0xlhDp7wrFuJBktzuXXLQuIxRkKcm0 QVO65rGFI7vrTMxdtxM7ORdnUa6OMxcOwTEYeQwVcQs4k4J7M3WTtH8rz9Bgtca1 DdY9foJw34bXitliJeekBibxoPbiQV+jluJAJOIvLVJ5eVeBKIowCsFmFgQbcHSb CgVA8khMMIcp4XFi3NypH2MkTJvJK+0RqchtaVmVFWoNnbamGoyr9Ml+YZbsLP22 kBBXSYw9MYCm8ZPN43owNhPHxD38rSg25hJYJOjVkLHoGZYMNse74xZkEaJpyPXk 5WS1QM7qYEcG1RK7a44E6xRXU4rLUfLJWCHPWsLLRTNVbKnm1EQsipbKnS4fGjc5 9dOD8HfNvRbwSpQ/+w9m3L/QU2F015d69UzgG1piGddGBdzLvdE=
    =oUWM
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)