Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Pillow for openSUSE:Factory checked in at 2021-03-12 13:30:58

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Pillow (Old)
 and      /work/SRC/openSUSE:Factory/.python-Pillow.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Pillow" Fri Mar 12 13:30:58 2021 rev:46 rq:877608 version:8.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Pillow/python-Pillow.changes 2021-02-01 13:28:44.758153726 +0100 +++ /work/SRC/openSUSE:Factory/.python-Pillow.new.2401/python-Pillow.changes 2021-03-12 13:31:16.742154099 +0100 
@@ -1,0 +2,25 @@ +Mon Mar 8 09:01:06 UTC 2021 - Dirk M??ller <dmuel...@suse.com> + +- update to 8.1.2: + - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins + +------------------------------------------------------------------- +Wed Mar 3 07:41:14 UTC 2021 - Adrian Schr??ter <adr...@suse.de> + +- Update to 8.1.1 + Security + * CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent due to incorrect error checking in TiffDecode.c. + * CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size + * CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile + * CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. + * CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, since pillow 4.3.0. + + There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP container formats where Pillow + did not properly check the reported size of the contained image. These images could cause + arbitrariliy large memory allocations. This was reported by Jiayi Lin, Luke Shaffer, Xinran Xie, + and Akshay Ajayan of ASU.edu. + + Other Changes + A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed + +------------------------------------------------------------------- Old: ---- Pillow-8.1.0.tar.gz New: ---- Pillow-8.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Pillow.spec ++++++ --- /var/tmp/diff_new_pack.4xt3To/_old 2021-03-12 13:31:17.678155412 +0100 +++ /var/tmp/diff_new_pack.4xt3To/_new 2021-03-12 13:31:17.682155417 +0100 
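Review bot: Two spelling errors in the added 8.1.1 entry should be fixed before the .changes file lands: "insufficent" in the CVE-2021-25289 line should read "insufficient", and "arbitrariliy" in the memory-DoS paragraph should read "arbitrarily". Both new entry headers also show "??" where a non-ASCII character evidently was ("Dirk M??ller", "Adrian Schr??ter"), which points to the .changes file or the mail not being stored as UTF-8 and is worth checking, since the header line is what the changelog tooling keys on. The content itself is consistent: the 8.1.2 entry supplies the three CVE identifiers (CVE-2021-27921, CVE-2021-27922, CVE-2021-27923) for the BLP/ICNS/ICO memory-exhaustion issue that the 8.1.1 entry describes without IDs, which is what someone auditing the package against those identifiers needs.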
@@ -20,7 +20,7 @@ %define skip_python2 1 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-Pillow -Version: 8.1.0 +Version: 8.1.2 Release: 0 Summary: Python Imaging Library (Fork) License: HPND ++++++ Pillow-8.1.0.tar.gz -> Pillow-8.1.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Pillow/Pillow-8.1.0.tar.gz /work/SRC/openSUSE:Factory/.python-Pillow.new.2401/Pillow-8.1.2.tar.gz differ: char 5, line 1
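Review bot: The only functional change in this hunk is Version: 8.1.0 to 8.1.2; everything else is unchanged context. Since the tarball listing shows Pillow-8.1.0.tar.gz replaced by Pillow-8.1.2.tar.gz with no other spec edits, confirm that the Source: line (outside this hunk) builds the file name from %{version}, otherwise the new tarball will not be picked up. Leaving Release: 0 untouched is correct for a Factory submission, where the build service assigns the release. Given that the changelog lists eight CVEs closed by this update, it would help reviewers to state in the request whether the same bump is being submitted to the maintained distributions as well.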