import python-pillow-5.1.1-16.el8
parent
bd916774b2
commit
5e5ab2cdbd
33
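--- a/SOURCES/CVE-2021-34552.patch
+++ b/SOURCES/CVE-2021-34552.patch
@@ -0,0 +1,33 @@
+diff --git a/src/libImaging/Convert.c b/src/libImaging/Convert.c
+index b3e48e5..cfed8ad 100644
+--- a/src/libImaging/Convert.c
++++ b/src/libImaging/Convert.c
+@@ -1338,9 +1338,8 @@ convert(Imaging imOut, Imaging imIn, const char *mode,
+return (Imaging) ImagingError_ValueError("conversion not supported");
+#else
+{
+- static char buf[256];
+- /* FIXME: may overflow if mode is too large */
+- sprintf(buf, "conversion from %s to %s not supported", imIn->mode, mode);
++ static char buf[100];
++ snprintf(buf, 100, "conversion from %.10s to %.10s not supported", imIn->mode, mode);
+return (Imaging) ImagingError_ValueError(buf);
+}
+#endif
+@@ -1394,9 +1393,13 @@ ImagingConvertTransparent(Imaging imIn, const char *mode,
+}
+#else
+{
+- static char buf[256];
+- /* FIXME: may overflow if mode is too large */
+- sprintf(buf, "conversion from %s to %s not supported in convert_transparent", imIn->mode, mode);
++ static char buf[100];
++ snprintf(
++ buf,
++ 100,
++ "conversion from %.10s to %.10s not supported in convert_transparent",
++ imIn->mode,
++ mode);
+return (Imaging) ImagingError_ValueError(buf);
+}
+#endif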
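Review bot: Both new snprintf calls pass the literal `100` as the size while the buffer is declared `static char buf[100]` on the line just above, so the size and the declaration can drift apart on a later edit; tying them together with `snprintf(buf, sizeof buf, "conversion from %.10s to %.10s not supported", imIn->mode, mode);` in the first hunk, and the same `sizeof buf` substitution in the ImagingConvertTransparent hunk, removes that risk. The `%.10s` precision bounds each mode string, so even the longer "not supported in convert_transparent" message fits in 100 bytes and is always NUL-terminated; a mode name longer than ten characters is truncated only in the error text, which seems acceptable for a diagnostic. The buffer stays `static`, so the pointer handed to ImagingError_ValueError refers to storage shared by every caller; the patch does not change that, and whether ImagingError_ValueError copies the text before the next call is not visible here. The enclosing convert and ImagingConvertTransparent bodies start and end outside both hunks.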
@ -8,7 +8,7 @@
|
||||
|
||||
Name: python-%{srcname}
|
||||
Version: 5.1.1
|
||||
Release: 15%{?dist}
|
||||
Release: 16%{?dist}
|
||||
Summary: Python image processing library
|
||||
|
||||
# License: see http://www.pythonware.com/products/pil/license.htm
|
||||
@ -94,6 +94,11 @@ Patch16: CVE-2021-28677.patch
|
||||
# Upstream fix: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
|
||||
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-28678
|
||||
Patch17: CVE-2021-28678.patch
|
||||
# CVE-2021-34552: buffer overflow in Convert.c because it allow an attacker to pass
|
||||
# controlled parameters directly into a convert function
|
||||
# Upstream fix: https://github.com/python-pillow/Pillow/pull/5567
|
||||
# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1982378
|
||||
Patch18: CVE-2021-34552.patch
|
||||
|
||||
BuildRequires: freetype-devel
|
||||
BuildRequires: gcc
|
||||
@ -238,6 +243,10 @@ popd
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Aug 02 2021 Charalampos Stratakis <cstratak@redhat.com> - 5.1.1-16
|
||||
- Fix for CVE-2021-34552
|
||||
Resolves: rhbz#1982378
|
||||
|
||||
* Mon Jun 14 2021 Lumír Balhar <lbalhar@redhat.com> - 5.1.1-15
|
||||
- Fixes for CVE-2021-25288, CVE-2021-25287, CVE-2021-28675, CVE-2021-28676,
|
||||
CVE-2021-28677 and CVE-2021-28678
|
||||
|