From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)
Date: Thu, 10 Nov 2016 22:45:44 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214412

            Bug ID: 214412
           Summary: graphics/py-pillow: Multiple vulnerabilities
                    (CVE-2016-9189, CVE-2016-9190)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
                OS: Any
            Status: New
          Keywords: needs-patch, security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: koobs@FreeBSD.org
          Reporter: vlad-fbsd@acheronmedia.com
                CC: ports-secteam@FreeBSD.org, python@FreeBSD.org
             Flags: maintainer-feedback?(koobs@FreeBSD.org)

* http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when
reading specially crafted image files. This may lead to memory disclosure or
corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image
sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller
allocation than expected, leading to arbitrary writes.
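
The two failure modes named in the report (wrapping size arithmetic and unchecked negative dimensions), shown as an added example that is not Pillow's code and not part of the original report. The function names, the 4-byte pixel size and the 1 GiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not Pillow's code. */

/* Unchecked pattern: the byte count is computed in 32-bit arithmetic with no
 * sign or range check. Unsigned math is used so the wraparound is well
 * defined in this demo. */
static uint32_t unchecked_bytes(int32_t xsize, int32_t ysize, int32_t pixelsize)
{
    return (uint32_t)xsize * (uint32_t)ysize * (uint32_t)pixelsize;
}

/* Checked pattern: reject non-positive dimensions, then divide before each
 * multiply so the product can neither wrap nor exceed `limit` bytes.
 * Returns 0 and stores the size in *out, or -1 on rejection. */
static int checked_bytes(int32_t xsize, int32_t ysize, int32_t pixelsize,
                         size_t limit, size_t *out)
{
    if (xsize <= 0 || ysize <= 0 || pixelsize <= 0)
        return -1;
    size_t x = (size_t)xsize, y = (size_t)ysize, p = (size_t)pixelsize;
    if (x > limit / p)
        return -1;
    size_t linesize = x * p;
    if (y > limit / linesize)
        return -1;
    *out = linesize * y;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a negative size, an oversized width, a normal image. */
    const int32_t dims[][2] = { {-1, -1}, {0x40000001, 1}, {640, 480} };
    const size_t limit = (size_t)1 << 30;   /* assumed 1 GiB policy cap */
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        size_t n = 0;
        int rc = checked_bytes(dims[i][0], dims[i][1], 4, limit, &n);
        printf("%ldx%ld: unchecked=%lu checked=%s (%lu)\n",
               (long)dims[i][0], (long)dims[i][1],
               (unsigned long)unchecked_bytes(dims[i][0], dims[i][1], 4),
               rc == 0 ? "ok" : "rejected", (unsigned long)n);
    }
    return 0;
}
```

Both malformed inputs yield a 4-byte size from the unchecked computation, which is the "smaller allocation than expected" the report refers to; the checked version rejects them before any allocation is sized.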