According to the RedHat summary: It was found that in storage.c, the image size is not checked for negative values. This can lead to a null pointer dereference in 3.3.x, or a dereference of junk memory prior to that. Upstream patch: https://github.com/python-pillow/Pillow/commit/5d8a0be45aad78c5a22c8d099118ee26ef8144af Reproducible: Always
We have pinged the Python team in other Pillow bugs so I am calling for stable due to timeout. @arches, please stabilize: =dev-python/pillow-3.4.2
amd64 stable
x86 stable
Stable for HPPA PPC64.
arm stable
ppc stable
I revbumped pillow-3.4.2 to resolve a file collision (bug 600694). Remaining archs should proceed with dev-python/pillow-3.4.2-r1 instead.
sparc stable
ia64 stable. Maintainer(s), please cleanup.
*** Bug 596356 has been marked as a duplicate of this bug. ***
This issue was resolved and addressed in GLSA 201612-52 at https://security.gentoo.org/glsa/201612-52 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for cleanup. @ Maintainer(s): Please either drop <dev-python/pillow-3.4.2-r1 or apply package masks indicating a security problem.
Cleanup done.