Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:pillow
User: [email protected]
Usertags: pu

One of the recent upstream security fixes had a regression with
very large PDF documents. This cherrypicks the followup fix
which has been confirmed by the reporter to address the issue.

All tests in debusine are fine as well. debdiff below.

Cheers,
        Moritz

diff -Nru pillow-11.1.0/debian/changelog pillow-11.1.0/debian/changelog
--- pillow-11.1.0/debian/changelog      2026-06-19 20:11:46.000000000 +0200
+++ pillow-11.1.0/debian/changelog      2026-07-03 12:06:00.000000000 +0200
@@ -1,3 +1,9 @@
+pillow (11.1.0-5+deb13u4) trixie; urgency=medium
+
+  * Followup fix for CVE-2026-42310 (Closes: #1141330)
+
+ -- Moritz Mühlenhoff <[email protected]>  Fri, 03 Jul 2026 22:03:44 +0200
+
 pillow (11.1.0-5+deb13u3) trixie-security; urgency=medium
 
   * CVE-2026-42308
diff -Nru pillow-11.1.0/debian/patches/CVE-2026-42310-fixup.patch 
pillow-11.1.0/debian/patches/CVE-2026-42310-fixup.patch
--- pillow-11.1.0/debian/patches/CVE-2026-42310-fixup.patch     1970-01-01 
01:00:00.000000000 +0100
+++ pillow-11.1.0/debian/patches/CVE-2026-42310-fixup.patch     2026-07-03 
12:07:44.000000000 +0200
@@ -0,0 +1,25 @@
+From 78ee80a6fdd4b787f71880f10e66d6b989c6e58d Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <[email protected]>
+Date: Wed, 13 May 2026 11:14:41 +0200
+Subject: [PATCH] PdfParser: Don't use list as def in read_prev_trailer
+
+--- pillow-11.1.0.orig/src/PIL/PdfParser.py
++++ pillow-11.1.0/src/PIL/PdfParser.py
+@@ -684,7 +684,7 @@ class PdfParser:
+             self.read_prev_trailer(self.trailer_dict[b"Prev"])
+ 
+     def read_prev_trailer(
+-        self, xref_section_offset: int, processed_offsets: list[int] = []
++        self, xref_section_offset: int, processed_offsets: list[int] = None
+     ) -> None:
+         assert self.buf is not None
+         trailer_offset = 
self.read_xref_table(xref_section_offset=xref_section_offset)
+@@ -700,6 +700,8 @@ class PdfParser:
+         )
+         trailer_dict = self.interpret_trailer(trailer_data)
+         if b"Prev" in trailer_dict:
++            if processed_offsets is None:
++                processed_offsets = []
+             processed_offsets.append(xref_section_offset)
+             check_format_condition(
+                 trailer_dict[b"Prev"] not in processed_offsets, "trailer loop 
found"
diff -Nru pillow-11.1.0/debian/patches/series 
pillow-11.1.0/debian/patches/series
--- pillow-11.1.0/debian/patches/series 2026-06-19 18:03:34.000000000 +0200
+++ pillow-11.1.0/debian/patches/series 2026-07-03 12:06:59.000000000 +0200
@@ -10,3 +10,4 @@
 CVE-2026-42308.patch
 CVE-2026-42310.patch
 CVE-2026-42311.patch
+CVE-2026-42310-fixup.patch

Reply via email to