ELSA-2020-0578

ULN >
Oracle Linux Errata repository >
ELSA-2020-0578

ELSA-2020-0578 - python-pillow security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2020-02-25

Description

[2.0.0-20gitd1c6db8]
- Combined fixes for CVE-2020-5312 and CVE-2019-16865
Resolves: rhbz#1789533
Resolves: rhbz#1774066

[2.0.0-19gitd1c6db8]
- Reenabled webp support on little endian archs.

[2.0.0-18gitd1c6db8]
- Disabled webp support on ppc64le due to #962091 and #1127230.
- Updated URL.

[2.0.0-17gitd1c6db8]
- Wiped out some memory leaks.

[2.0.0-15.gitd1c6db8]
- Mass rebuild 2014-01-24

[2.0.0-14gitd1c6db8]
- Fixed memory corruption.
- Resolves: rhbz#1001122

[2.0.0-13.gitd1c6db8]
- Mass rebuild 2013-12-27

[2.0.0-12]
- Mark doc subpackage arch dependent. Docs are built depending on supported
features, which are different across archs.
Resolves: rhbz#987839

[2.0.0-11]
- Drop lcms support
Resolves: rhbz#987839

[2.0.0-10]
- Build without webp support on s390* archs
Resolves: rhbz#962059

[2.0.0-9.gitd1c6db8]
- Conditionaly disable build of python3 parts on RHEL system

[2.0.0-8.gitd1c6db8]
- Add patch to fix test failure on big-endian

[2.0.0-7.gitd1c6db8]
- Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isn't
appropriate since qt support didn't exist in the previous python-pillow
package so there's no reason to drag in python-pillow-qt when updating
python-pillow.

[2.0.0-6.gitd1c6db8]
- Update to latest git
- python-pillow_quantization.patch now upstream
- python-pillow_endianness.patch now upstream
- Add subpackage for ImageQt module, with correct dependencies
- Add PyQt4 and numpy BR (for generating docs / running tests)

[2.0.0-5.git93a488e]
- Reenable tests on bigendian, add patches for #928927

[2.0.0-4.git93a488e]
- Update to latest git
- disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed

[2.0.0-3.gitde210a2]
- python-pillow_tempfile.patch now upstream
- Add python3-imaging provides (bug #924867)

[2.0.0-2.git2e88848]
- Update to latest git
- Remove python-pillow-disable-test.patch, gcc is now fixed
- Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged

[2.0.0-1.git2f4207c]
- Update to 2.0.0 git snapshot
- Enable python3 packages
- Add libwebp-devel BR for Pillow 2.0.0

[1.7.8-6.20130305git]
- Add ARM support

[1.7.8-5.20130305git]
- add s390* and ppc* to arch detection

[1.7.8-4.20130305git7866759]
- Update to latest git snapshot
- 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream
- Pillow-1.7.8-selftest.patch now upstream

[1.7.8-3.20130210gite09ff61]
- Really remove -fno-strict-aliasing
- Place comment on how to retreive source just above the Source0 line

[1.7.8-2.20130210gite09ff61]
- Rebuild without -fno-strict-aliasing
- Add patch for upstream issue #52

[1.7.8-1.20130210gite09ff61]
- Initial RPM package

Related CVEs

CVE-2019-16865

CVE-2020-5312

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_aarch64_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_aarch64_optional_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_aarch64_u7_patch
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_aarch64_u8_base
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	7ea13ca3fad0f95004cd4cf47f59a6f5af1e0ee1e417ebd1a4c9dda7bd463bc9	ELSA-2024-0857	ol7_aarch64_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	7ea13ca3fad0f95004cd4cf47f59a6f5af1e0ee1e417ebd1a4c9dda7bd463bc9	ELSA-2024-0857	ol7_aarch64_u7_patch
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	7ea13ca3fad0f95004cd4cf47f59a6f5af1e0ee1e417ebd1a4c9dda7bd463bc9	ELSA-2024-0857	ol7_aarch64_u8_base
	python-pillow-devel-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	d552b85b7bc346745ed5a80c633f87cc2a2ca1ba9bb0829c91f1dd73050f99b6	ELSA-2024-0857	ol7_aarch64_optional_latest
	python-pillow-doc-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	c7696c290ae01de090212b4f831faf44b1a2d382ca4162e62802674df1e41ca3	ELSA-2024-0857	ol7_aarch64_optional_latest
	python-pillow-qt-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	7ab1d4fe506221526a28be4af32f61b5f0184897842a3576cc94758b5190f5df	ELSA-2024-0857	ol7_aarch64_optional_latest
	python-pillow-sane-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	7fcb2054d34d3189fc154756beddf674acd4a8967d99176a9c471530300af18e	ELSA-2024-0857	ol7_aarch64_optional_latest
	python-pillow-tk-2.0.0-20.gitd1c6db8.el7_7.aarch64.rpm	44b5fe075aa87c25517f1175375e850fba8329b0e242384467d654aa6579d4e6	ELSA-2024-0857	ol7_aarch64_optional_latest

Oracle Linux 7 (x86_64)	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_x86_64_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_x86_64_u7_patch
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.src.rpm	eca8d30493a104a93720ba5a66d71bf69f26821f9a6fc28888979847f92c790c	ELSA-2024-0857	ol7_x86_64_u8_base
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.i686.rpm	e9357533d897159b2ed04509666ef3802fdff4c9cb73edd833515277fd2b5a84	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	c425c358f736f01502a023b55c27144e212acb420b0e92e381c49d330601c3e5	ELSA-2024-0857	ol7_x86_64_latest
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	c425c358f736f01502a023b55c27144e212acb420b0e92e381c49d330601c3e5	ELSA-2024-0857	ol7_x86_64_u7_patch
	python-pillow-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	c425c358f736f01502a023b55c27144e212acb420b0e92e381c49d330601c3e5	ELSA-2024-0857	ol7_x86_64_u8_base
	python-pillow-devel-2.0.0-20.gitd1c6db8.el7_7.i686.rpm	79f60b52a999952e0be15fb214a7dc6e1455457d2db7ced36f8d1aff7d674526	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-devel-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	55ea7f34cc2c0ecf9af3c328a407799cfc94501d7c89478c0b064fbe88504fd5	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-doc-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	76f15d99a37a224b252488cc9664dc2b824e6abb56217176ab305274a847431e	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-qt-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	3bc2a59572c0553f10717543275d4a83a5468141f4c8bb8984cdb78fc361d72e	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-sane-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	c63fdac5bae1e29380bcd83ef11d3164c89f2b232d9d27adc26743c33ed188d1	ELSA-2024-0857	ol7_x86_64_optional_latest
	python-pillow-tk-2.0.0-20.gitd1c6db8.el7_7.x86_64.rpm	d410a5f42ed54a62c8cab99761eaa95cd67115a6e4aca651ace7675d51083a10	ELSA-2024-0857	ol7_x86_64_optional_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691