CVS: cvs.openbsd.org: ports

Jasper Lievisse Adriaanse Fri, 11 Mar 2016 01:19:10 -0800

CVSROOT:        /cvs
Module name:    ports
Changes by:     jas...@cvs.openbsd.org  2016/03/11 02:17:30


Modified files:
        graphics/py-Pillow: Tag: OPENBSD_5_8 Makefile 
Added files:
        graphics/py-Pillow/patches: Tag: OPENBSD_5_8 
                                    patch-libImaging_PcdDecode_c 

Log message:
Add upstream patch to py-Pillow, fixing a buffer overflow in PcdDecode.c,
where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel
wide buffer, allowing writing 768 bytes off the end of the buffer. This
overwrites objects in Python's stack, leading to a crash.
https://github.com/python-pillow/Pillow/pull/1706, CVE-2016-2533

CVS: cvs.openbsd.org: ports

Reply via email to