[Bug 1628351] Re: PNG loading degraded

2016-10-02 Thread Emily Ratliff
2.3.0-1ubuntu3.3 was released to address this issue.

** Changed in: pillow (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1628351

Title:
  PNG loading degraded

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1628351/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1628351] Re: PNG loading degraded

2016-09-29 Thread Ubuntu Foundations Team Bug Bot
The attachment "fix for text chunk loading" seems to be a patch.  If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch



[Bug 1628351] Re: PNG loading degraded

2016-09-29 Thread Emily Ratliff
** Changed in: pillow (Ubuntu)
 Assignee: (unassigned) => Emily Ratliff (emilyr)

** Changed in: pillow (Ubuntu)
   Importance: Undecided => Critical



[Bug 1628351] Re: PNG loading degraded

2016-09-29 Thread Aaron Griffith
This bug appears to have been introduced with
`pillow-CVE-2014-9601.patch` as part of `2.3.0-1ubuntu3.2`.

This patch was sourced (at least partially) from this Pillow commit:

https://github.com/python-pillow/Pillow/commit/0b75526ffe41a4697231beb8b5740617c98f290b

However, this commit occurs after an earlier commit that changes all
instances of `len` to `length`, to prevent shadowing:

https://github.com/python-pillow/Pillow/commit/d594c0241aabeda6725fefc44ccc7f945c0464c9

As such, it crashes whenever you try to read any PNG with a text chunk.
Since this is specifically the use-case the CVE patch was designed for,
I find it surprising that apparently nobody tested it.

I have created and attached a patch for `2.3.0-1ubuntu3.2` that works on
the PNGs I've tried. Instead of renaming all instances of `len`, it
just does the minimal changes needed to get this to work. It's up to you
guys whether you'd rather follow upstream or not, but please fix this
fast, because this is a pretty serious bug.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9601

** Attachment added: "fix for text chunk loading"
   https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1628351/+attachment/4751405/+files/fix-CVE-2014-9601.patch.txt


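A minimal model of the backport hazard described in the 2016-09-29 message from Aaron Griffith, as an added example that is not part of the thread, the attached patch or Pillow's code. It assumes the failure comes from a handler parameter still named `len` shadowing the builtin; the handler names, the size limit and the constructed 1x1 PNG are all hypothetical.

```python
import struct
import zlib

MAX_TEXT_CHUNK = 1 << 20  # assumed size limit for this sketch

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 of type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def png_with_text(key, value):
    """Constructed 1x1 greyscale PNG carrying a single tEXt chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"tEXt", key + b"\0" + value)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))

def text_backported(body, len):
    # Old signature: the parameter `len` shadows the builtin.
    key, value = body[:len].split(b"\0", 1)
    if len(value) > MAX_TEXT_CHUNK:  # written for renamed code: TypeError here
        raise ValueError("text chunk too large")
    return key, value

def text_renamed(body, length):
    # Same check with the parameter renamed, so the builtin is reachable.
    key, value = body[:length].split(b"\0", 1)
    if len(value) > MAX_TEXT_CHUNK:
        raise ValueError("text chunk too large")
    return key, value

def read_text(png, handler):
    """Walk the chunk list and pass every tEXt chunk to `handler`."""
    found, pos = {}, 8
    while pos < len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        body = png[pos + 8:pos + 8 + length]
        if ctype == b"tEXt":
            key, value = handler(body, length)
            found[key] = value
        pos += 12 + length
    return found

def smoke_test(handler):
    """Return 'ok' or the exception type raised on a PNG with a text chunk."""
    try:
        read_text(png_with_text(b"Comment", b"hello"), handler)
        return "ok"
    except Exception as exc:
        return type(exc).__name__
```

Running `smoke_test` against a patched build before release is the kind of check that exercises the code path a security backport touches, which a PNG without text chunks would never reach.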

[Bug 1628351] Re: PNG loading degraded

2016-09-28 Thread Stephen Early
Confirmed: python-pil 2.3.0-1ubuntu3 works as expected, and python-pil
2.3.0-1ubuntu3.2 fails.



[Bug 1628351] Re: PNG loading degraded

2016-09-28 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: pillow (Ubuntu)
   Status: New => Confirmed
