CVE-2019-16865 (https://nvd.nist.gov/vuln/detail/CVE-2019-16865): An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Keywords for dev-python/pillow: | | u | | a a a p s r | n | | l m r i p h m s p i m | e u s | r | p d a m a p c x p 6 3 a s i | a s l | e | h 6 r 6 6 p 6 8 p 8 9 s r c p | p e o | p | a 4 m 4 4 c 4 6 a k 0 h c v s | i d t | o ------------+-------------------------------+-------+------- 3.4.2-r1 | + + + ~ + + + + + o o o + o o | 6 o 0 | gentoo 5.4.1 | + + + ~ o + + + ~ o o o o o o | 7 o | gentoo 6.0.0 | ~ + + + o ~ ~ ~ ~ o o o o o o | 7 o | gentoo 6.1.0 | ~ ~ ~ ~ o ~ ~ ~ ~ o o o ~ o o | 7 # | gentoo 6.2.0 | ~ ~ ~ ~ o ~ ~ ~ ~ o o o ~ o o | 7 # | gentoo [I]6.2.1 | ~ ~ ~ ~ o ~ ~ ~ ~ o o o ~ o o | 7 o | gentoo
amd64 stable
x86 stable
ppc64 stable
arm64 stable
ppc stable
hppa/sparc stable
arm stable
Tree is clean.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
GLSA Vote: No Thank you all for you work. Closing as [noglsa].