This update for python-Pillow fixes the following issues:

- Add 0019-FLI-overflow-error-fix-and-testcase.patch
  * Fixes CVE-2016-0775, bsc#965582
- Add 0020-Fix-OOB-reads-in-FLI-decoding.patch
  * Fixes CVE-2020-10177, bsc#1173413
- Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch
  * Fixes CVE-2020-10994, bsc#1173418
- Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch
  * Fixes CVE-2020-10378, bsc#1173416
- Add 0008-Corrected-negative-seeks.patch
  * Fixes part of CVE-2019-16865, bsc#1153191
- Add 0009-Make-Image.crop-an-immediate-operation.patch
  * Fixes https://github.com/python-pillow/Pillow/issues/1077
  * Used by 0012-Added-decompression-bomb-checks.patch
- Add 0010-Crop-decompression.patch
  * Used by 0012-Added-decompression-bomb-checks.patch
#1153191 #1160152 #1160153 #1160192 #1173413
#1173416 #1173418 #965582
Cross-References: CVE-2016-0775 CVE-2019-16865 CVE-2019-19911
CVE-2020-10177 CVE-2020-10378 CVE-2020-10994
CVE-2020-5312 CVE-2020-5313
Affected Products:
SUSE Enterprise Storage 5
https://www.suse.com/security/cve/CVE-2016-0775.html
https://www.suse.com/security/cve/CVE-2019-16865.html
https://www.suse.com/security/cve/CVE-2019-19911.html
https://www.suse.com/security/cve/CVE-2020-10177.html
https://www.suse.com/security/cve/CVE-2020-10378.html
https://www.suse.com/security/cve/CVE-2020-10994.html
https://www.suse.com/security/cve/CVE-2020-5312.html
https://www.suse.com/security/cve/CVE-2020-5313.html
https://bugzilla.suse.com/1153191