PublicDateAtUSN: 2015-01-16
Candidate: CVE-2014-9601
PublicDate: 2015-01-16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601
https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
https://github.com/python-pillow/Pillow/pull/1060
http://pillow.readthedocs.org/releasenotes/2.7.0.html
http://www.ubuntu.com/usn/usn-3090-2
http://www.ubuntu.com/usn/usn-3090-1
http://www.ubuntu.com/usn/usn-3230-1
http://www.ubuntu.com/usn/usn-3229-1
Description:
Pillow before 2.7.0 allows remote attackers to cause a denial of service
via a compressed text chunk in a PNG image that has a large size when it is
decompressed.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1628351
Priority: low
Discovered-by:
Assigned-to:
Patches_pillow:
upstream: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
upstream_pillow: released (2.7.0)
lucid_pillow: DNE
precise_pillow: DNE
trusty_pillow: released (2.3.0-1ubuntu3.4)
utopic_pillow: ignored (reached end-of-life)
vivid_pillow: not-affected (2.7.0-1)
vivid/stable-phone-overlay_pillow: DNE
vivid/ubuntu-core_pillow: DNE
wily_pillow: not-affected (2.7.0-1)
xenial_pillow: not-affected (2.7.0-1)
yakkety_pillow: not-affected (2.7.0-1)
devel_pillow: not-affected (2.7.0-1)
Patches_python-imaging:
upstream_python-imaging: needs-triage
precise_python-imaging: released (1.1.7-4ubuntu0.12.04.3)
trusty_python-imaging: DNE
vivid/stable-phone-overlay_python-imaging: DNE
vivid/ubuntu-core_python-imaging: DNE
xenial_python-imaging: DNE
yakkety_python-imaging: DNE
devel_python-imaging: DNE