CVE-2021-34552: Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Please stabilize 8.3.0.
sparc stable
amd64 done
x86 done
arm64 done
Ping.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11523faea2b3008fd55f6c371dd218267d91cb6f commit 11523faea2b3008fd55f6c371dd218267d91cb6f Author: Sam James <sam@gentoo.org> AuthorDate: 2021-10-16 02:27:26 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-10-16 02:27:26 +0000 dev-python/pillow: add USE=truetype to test REQUIRED_USE See 11131c2b5d5252fdca56643a4b976c6ac0ca11ea. Bug: https://bugs.gentoo.org/show_bug.cgi?id=811453 Bug: https://bugs.gentoo.org/802090 Signed-off-by: Sam James <sam@gentoo.org> dev-python/pillow/pillow-8.3.0.ebuild | 2 +- dev-python/pillow/pillow-8.3.1.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
arm done
Ping ppc, ppc64
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=489350a86a27cbf30814583641081d7f76bad69a commit 489350a86a27cbf30814583641081d7f76bad69a Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-11-14 08:08:10 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-11-14 08:16:38 +0000 dev-python/pillow: Remove old Bug: https://bugs.gentoo.org/811450 Bug: https://bugs.gentoo.org/802090 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/pillow/Manifest | 3 -- dev-python/pillow/pillow-8.2.0.ebuild | 98 ----------------------------------- dev-python/pillow/pillow-8.3.0.ebuild | 98 ----------------------------------- dev-python/pillow/pillow-8.3.1.ebuild | 98 ----------------------------------- 4 files changed, 297 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=65e54c1c2d5aa2b4a2012ca5e8d6771961ac4118 commit 65e54c1c2d5aa2b4a2012ca5e8d6771961ac4118 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-11-22 03:53:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-22 03:59:40 +0000 [ GLSA 202211-10 ] Pillow: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/802090 Bug: https://bugs.gentoo.org/811450 Bug: https://bugs.gentoo.org/830934 Bug: https://bugs.gentoo.org/832598 Bug: https://bugs.gentoo.org/855683 Bug: https://bugs.gentoo.org/878769 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202211-10.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)
GLSA released, all done!
