DebianDEBIAN:DSA-5704-1:BEC9A

HistoryJun 05, 2024 - 6:59 p.m.

[SECURITY] [DSA 5704-1] pillow security update

2024-06-0518:59:18

lists.debian.org

debian

pillow

python

security

cve-2023-44271

cve-2023-50447

cve-2024-28219

denial of service

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Debian Security Advisory DSA-5704-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
June 05, 2024 https://www.debian.org/security/faq

Package : pillow
CVE ID : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 8.1.2+dfsg-0.3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.0-1.1+deb12u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11allpython-pil-doc< 8.1.2+dfsg-0.3+deb11u2python-pil-doc_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian12allpillow< 9.4.0-1.1+deb12u1pillow_9.4.0-1.1+deb12u1_all.deb
Debian11allpython3-pil-dbg< 8.1.2+dfsg-0.3+deb11u2python3-pil-dbg_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian11allpython3-pil.imagetk< 8.1.2+dfsg-0.3+deb11u2python3-pil.imagetk_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian12allpython3-pil< 9.4.0-1.1+deb12u1python3-pil_9.4.0-1.1+deb12u1_all.deb
Debian11allpillow< 8.1.2+dfsg-0.3+deb11u2pillow_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian12allpython-pil-doc< 9.4.0-1.1+deb12u1python-pil-doc_9.4.0-1.1+deb12u1_all.deb
Debian12allpython3-pil.imagetk< 9.4.0-1.1+deb12u1python3-pil.imagetk_9.4.0-1.1+deb12u1_all.deb
Debian11allpython3-pil.imagetk-dbg< 8.1.2+dfsg-0.3+deb11u2python3-pil.imagetk-dbg_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian11allpython3-pil< 8.1.2+dfsg-0.3+deb11u2python3-pil_8.1.2+dfsg-0.3+deb11u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	python-pil-doc	< 8.1.2+dfsg-0.3+deb11u2	python-pil-doc_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian	12	all	pillow	< 9.4.0-1.1+deb12u1	pillow_9.4.0-1.1+deb12u1_all.deb
Debian	11	all	python3-pil-dbg	< 8.1.2+dfsg-0.3+deb11u2	python3-pil-dbg_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian	11	all	python3-pil.imagetk	< 8.1.2+dfsg-0.3+deb11u2	python3-pil.imagetk_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian	12	all	python3-pil	< 9.4.0-1.1+deb12u1	python3-pil_9.4.0-1.1+deb12u1_all.deb
Debian	11	all	pillow	< 8.1.2+dfsg-0.3+deb11u2	pillow_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian	12	all	python-pil-doc	< 9.4.0-1.1+deb12u1	python-pil-doc_9.4.0-1.1+deb12u1_all.deb
Debian	12	all	python3-pil.imagetk	< 9.4.0-1.1+deb12u1	python3-pil.imagetk_9.4.0-1.1+deb12u1_all.deb
Debian	11	all	python3-pil.imagetk-dbg	< 8.1.2+dfsg-0.3+deb11u2	python3-pil.imagetk-dbg_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian	11	all	python3-pil	< 8.1.2+dfsg-0.3+deb11u2	python3-pil_8.1.2+dfsg-0.3+deb11u2_all.deb