* CVE-2019-19911: Prevent a denial-of-service vulnerability caused
by FpxImagePlugin.py calling the range function on an unvalidated
32-bit integer if the number of bands is large.
* CVE-2020-5312: PCX "P mode" buffer overflow.
* CVE-2020-5313: FLI buffer overflow.
FWICS they're all fixed in 6.2.2.
~hppa is fine
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
@maintainer(s), please cleanup!
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer
overflow, related to realloc.
The bug has been referenced in the following commit(s):
Author: Aaron Bauman <firstname.lastname@example.org>
AuthorDate: 2020-05-04 01:21:39 +0000
Commit: Aaron Bauman <email@example.com>
CommitDate: 2020-05-04 01:22:13 +0000
dev-python/pillow: drop vulnerable
Signed-off-by: Aaron Bauman <firstname.lastname@example.org>
dev-python/pillow/Manifest | 1 -
dev-python/pillow/pillow-6.2.1.ebuild | 98 -----------------------------------
2 files changed, 99 deletions(-)