From owner-freebsd-python@freebsd.org Thu Nov 10 22:45:45 2016 Return-Path: Delivered-To: freebsd-python@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6093EC3A262 for ; Thu, 10 Nov 2016 22:45:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 3ED63EB9 for ; Thu, 10 Nov 2016 22:45:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 3E27EC3A261; Thu, 10 Nov 2016 22:45:45 +0000 (UTC) Delivered-To: python@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3DBD8C3A260 for ; Thu, 10 Nov 2016 22:45:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 27ADDEB1 for ; Thu, 10 Nov 2016 22:45:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uAAMjiZl056566 for ; Thu, 10 Nov 2016 22:45:45 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190) Date: Thu, 10 Nov 2016 22:45:44 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: needs-patch, security X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: vlad-fbsd@acheronmedia.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: koobs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status keywords bug_severity priority component assigned_to reporter cc flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Nov 2016 22:45:45 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214412 Bug ID: 214412 Summary: graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190) Product: Ports & Packages Version: Latest Hardware: Any URL: http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3 .2.html OS: Any Status: New Keywords: needs-patch, security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: koobs@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com CC: ports-secteam@FreeBSD.org, python@FreeBSD.org Flags: maintainer-feedback?(koobs@FreeBSD.org) Assignee: koobs@FreeBSD.org * http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative im= age sizes in ImagingNew in Storage.c. A negative image size can lead to a small= er allocation than expected, leading to arbitrary writes. --=20 You are receiving this mail because: You are on the CC list for the bug.=