Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 706202 (CVE-2019-19911, CVE-2020-5312, CVE-2020-5313) - <dev-python/pillow-6.2.2: multiple vulnerabilities (CVE-{2019-19911,2020-5312,2020,5313})
Summary: <dev-python/pillow-6.2.2: multiple vulnerabilities (CVE-{2019-19911,2020-5312...
Status: IN_PROGRESS
Alias: CVE-2019-19911, CVE-2020-5312, CVE-2020-5313
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable cve]
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2020-01-23 21:41 UTC by GLSAMaker/CVETool Bot
Modified: 2020-01-27 16:13 UTC (History)
5 users (show)

See Also:
Package list:
dev-python/pillow-6.2.2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-01-23 21:41:31 UTC
Incoming details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2020-01-23 21:43:24 UTC
* CVE-2019-19911: Prevent a denial-of-service vulnerability caused
  by FpxImagePlugin.py calling the range function on an unvalidated
  32-bit integer if the number of bands is large.

* CVE-2020-5312: PCX "P mode" buffer overflow.

* CVE-2020-5313: FLI buffer overflow.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-01-25 20:49:38 UTC
FWICS they're all fixed in 6.2.2.
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-01-26 20:57:29 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-01-27 12:12:21 UTC
sparc stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-01-27 12:16:46 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-01-27 12:25:03 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-01-27 12:45:06 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-01-27 16:13:48 UTC
ppc stable