CVSROOT: /cvs Module name: ports Changes by: jas...@cvs.openbsd.org 2016/03/11 02:17:30
Modified files: graphics/py-Pillow: Tag: OPENBSD_5_8 Makefile Added files: graphics/py-Pillow/patches: Tag: OPENBSD_5_8 patch-libImaging_PcdDecode_c Log message: Add upstream patch to py-Pillow, fixing a buffer overflow in PcdDecode.c, where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel wide buffer, allowing writing 768 bytes off the end of the buffer. This overwrites objects in Python's stack, leading to a crash. https://github.com/python-pillow/Pillow/pull/1706, CVE-2016-2533