Binary files /tmp/tmpr87qnd1a/o13FraeV9d/pillow-10.2.0/Tests/icc/sGrey-v2-nano.icc and /tmp/tmpr87qnd1a/AynvSw859M/pillow-10.2.0/Tests/icc/sGrey-v2-nano.icc differ
diff -Nru pillow-10.2.0/debian/changelog pillow-10.2.0/debian/changelog
--- pillow-10.2.0/debian/changelog 2024-01-20 09:47:10.000000000 +0000
+++ pillow-10.2.0/debian/changelog 2024-04-15 14:10:42.000000000 +0000
@@ -1,3 +1,18 @@
+pillow (10.2.0-1ubuntu1) noble; urgency=medium
+
+ * SECURITY UPDATE: Buffer overflow in imagingcms.c
+ - debian/patches/CVE-2024-28219.patch: Use strncpy
+ to avoid buffer overflow
+ - CVE-2024-28219
+
+ -- Nick Galanis Mon, 15 Apr 2024 15:10:42 +0100
+
+pillow (10.2.0-1build1) noble; urgency=high
+
+ * No change rebuild for 64-bit time_t and frame pointers.
+
+ -- Julian Andres Klode Mon, 08 Apr 2024 18:15:35 +0200
+
 pillow (10.2.0-1) unstable; urgency=medium
 
 * New upstream version. Addresses CVE-2023-50447. Closes: #1061172.
diff -Nru pillow-10.2.0/debian/control pillow-10.2.0/debian/control
--- pillow-10.2.0/debian/control 2023-10-31 12:25:44.000000000 +0000
+++ pillow-10.2.0/debian/control 2024-04-08 16:15:35.000000000 +0000
@@ -1,7 +1,8 @@
 Source: pillow
 Section: python
 Priority: optional
-Maintainer: Matthias Klose
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Matthias Klose
 Build-Depends: debhelper (>= 11), tk-dev, dpkg-dev (>= 1.16.1~), dh-python, python3-all-dev, python3-setuptools,
diff -Nru pillow-10.2.0/debian/patches/CVE-2024-28219.patch pillow-10.2.0/debian/patches/CVE-2024-28219.patch
--- pillow-10.2.0/debian/patches/CVE-2024-28219.patch 1970-01-01 00:00:00.000000000 +0000
+++ pillow-10.2.0/debian/patches/CVE-2024-28219.patch 2024-04-15 14:10:42.000000000 +0000
@@ -0,0 +1,45 @@
+From 2a93aba5cfcf6e241ab4f9392c13e3b74032c061 Mon Sep 17 00:00:00 2001
+From: Andrew Murray
+Date: Thu, 22 Feb 2024 18:56:26 +1100
+Subject: [PATCH] Use strncpy to avoid buffer overflow
+
+Index: pillow-10.2.0/Tests/test_imagecms.py
+===================================================================
+--- pillow-10.2.0.orig/Tests/test_imagecms.py
++++ pillow-10.2.0/Tests/test_imagecms.py
+@@ -627,3 +627,9 @@ def test_rgb_lab(mode):
+ im = Image.new("LAB", (1, 1), (255, 0, 0))
+ converted_im = im.convert(mode)
+ assert converted_im.getpixel((0, 0))[:3] == (0, 255, 255)
++
++
++
++def test_long_modes():
++ p = ImageCms.getOpenProfile("Tests/icc/sGrey-v2-nano.icc")
++ ImageCms.buildTransform(p, p, "ABCDEFGHI", "ABCDEFGHI")
+Index: pillow-10.2.0/src/_imagingcms.c
+===================================================================
+--- pillow-10.2.0.orig/src/_imagingcms.c
++++ pillow-10.2.0/src/_imagingcms.c
+@@ -201,8 +201,8 @@ cms_transform_new(cmsHTRANSFORM transfor
+
+ self->transform = transform;
+
+- strcpy(self->mode_in, mode_in);
+- strcpy(self->mode_out, mode_out);
++ strncpy(self->mode_in, mode_in, 8);
++ strncpy(self->mode_out, mode_out, 8);
+
+ return (PyObject *)self;
+ }
+@@ -244,8 +244,8 @@ findLCMStype(char *PILmode) {
+ }
+
+ else {
+- /* take a wild guess... but you probably should fail instead. */
+- return TYPE_GRAY_8; /* so there's no buffer overrun... */
++ /* take a wild guess... */
++ return TYPE_GRAY_8;
+ }
+ }
+
diff -Nru pillow-10.2.0/debian/patches/series pillow-10.2.0/debian/patches/series
--- pillow-10.2.0/debian/patches/series 2023-06-12 07:37:46.000000000 +0000
+++ pillow-10.2.0/debian/patches/series 2024-04-15 14:09:35.000000000 +0000
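Review bot: The replacement lines `strncpy(self->mode_in, mode_in, 8);` and `strncpy(self->mode_out, mode_out, 8);` in the embedded _imagingcms.c hunk stop the write overflow but leave the destination without a NUL terminator whenever the source is 8 or more characters, which is exactly the case the new test_long_modes exercises with the 9-character "ABCDEFGHI". If mode_in and mode_out are fixed 8-byte arrays, as the literal 8 suggests (their declaration and cms_transform_new's signature are outside this hunk), any later strlen- or strcmp-style read of those fields runs past the field, turning the write overflow into an over-read. A bounded copy that always terminates avoids this: `snprintf(self->mode_in, sizeof(self->mode_in), "%s", mode_in);` and `snprintf(self->mode_out, sizeof(self->mode_out), "%s", mode_out);` (or strncpy with one byte less followed by an explicit terminator). Rejecting a mode longer than the field with an error, rather than silently truncating it, would be the stricter option, since a truncated mode is afterwards looked up as a different mode than the caller requested; the dropped "you probably should fail instead" remark in the findLCMStype hunk made the same point.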
@@ -4,3 +4,4 @@
 no-sphinx-removed-in.diff
 no-sphinx-opengraph.diff
 no-sphinx-furo.diff
+CVE-2024-28219.patch
diff -Nru pillow-10.2.0/debian/source/include-binaries pillow-10.2.0/debian/source/include-binaries
--- pillow-10.2.0/debian/source/include-binaries 2022-10-21 15:53:14.000000000 +0000
+++ pillow-10.2.0/debian/source/include-binaries 2024-04-15 14:10:42.000000000 +0000
@@ -1 +1,2 @@
 Tests/images/tga_id_field.tga
+Tests/icc/sGrey-v2-nano.icc