-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4631-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 21, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pillow
CVE ID         : CVE-2019-16865 CVE-2019-19911 CVE-2020-5311
                 CVE-2020-5312  CVE-2020-5313

Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service and potentially the
execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images
are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 4.0.0-4+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 5.4.1-2+deb10u1.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5QOzIACgkQEMKTtsN8
TjZzcg//eThj2Y9H99WWjofkjBkdatYwRdvjSonoBrJrCrz9QUVxXA/iNW/iq9yP
malKasWb4B4CqZhsOsJM3qF5nRb7UYvFR4RW5On/Q3pvtV4Gb5MoT+/e6yurKXmF
3mDh3NP52zpb5TECiIr8FicGz1oh5ouChwDUUAIuUTdbtR/gi8zzmaK+eE2XeGVD
4ZVyI+W/cj/57emvOtz1aBbEJZ8eNvrslDS5wCfOdGnixcZSDAfUWKUQmgAjZ0NQ
oH5AeHK6uAnrFFpaTv/o8SkTJJl8ciNO/XM42vfTO1qpVXsBMxAWrU6HrLITo5Y3
SSI1VV/2YBQLnzrwFBkLA+Eeo3v4z7bv1Z+4AGKfPDiw7s2BQ4yaQ+TiW64AfGNr
oIwEiQCO78EjcoMURfuypbqBZjC38TXMUk7nh6Yq5cOU9HY49TN1JlBPIfqot4A3
hBblu/eNhNeTuJESXkFWgFJcyym2g53QN8dUPs9vWMJuRy9bDn3HOAeFaXAsYkvG
WCn0BOS/GR+I1EH06gPszl65a1bVZo2TkEOhTKfvxHqtrNsfXVdhJzmjiOJrSbb6
7ZKNTicdmdBM5MQ9QL0FqMztOVWPmslqMJ0GILez4NBKXQKppOn6yABzkKDQS79b
7YgeXVatItdO/fJBKx3+/LCux3BOD+pLgCwJj3pXvW2XXcPWyYk=
=Wbg1
-----END PGP SIGNATURE-----