Fedora has issued an advisory on April 10:
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181943.html

They backported a fix from upstream in this commit:
http://pkgs.fedoraproject.org/cgit/rpms/python-pillow.git/commit/?h=f22&id=f5fa4f5bc0a6e3cf38c3ca348f0d10f059c1eea8

This update fixes an integer overflow in Jpeg2KEncode.c causing a buffer overflow (CVE-2016-3076).

Refs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3076
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181943.html

Packages in 5/core/updates_testing:
python-pillow-2.6.2-2.5.mga5
python-pillow-devel-2.6.2-2.5.mga5
python-pillow-doc-2.6.2-2.5.mga5.noarch
python-pillow-sane-2.6.2-2.5.mga5
python-pillow-tk-2.6.2-2.5.mga5
python-pillow-qt-2.6.2-2.5.mga5
python3-pillow-2.6.2-2.5.mga5
python3-pillow-devel-2.6.2-2.5.mga5
python3-pillow-doc-2.6.2-2.5.mga5.noarch
python3-pillow-sane-2.6.2-2.5.mga5
python3-pillow-tk-2.6.2-2.5.mga5
python3-pillow-qt-2.6.2-2.5.mga5

From:
python-pillow-2.6.2-2.5.mga5.src
Assignee: makowski.mageia => security
Assignee: security => qa-bugs
MGA5-32 on Acer D620 Xfce
No installation issues.
Followed procedure as per bug 13075 Comment 1 at the CLI:
$ python ~/Documenten/piltest.py
JPEG (3264, 2448) RGB
and image is displayed OK
CC: (none) => herman.viaene
Whiteboard: (none) => has_procedure MGA5-32-OK
x86_64 Mate
Assembled a few scripts based on the tutorial referenced by bug 13075 c#1. Tested these out before the update then ran them again afterwards. Tested image conversion and display, identification and generating thumbnails. All OK. For convenience have attached the simple scripts as a tar file which expands into the ./pillow directory. They can be run with e.g. ./convert or ./thumbnail3 for python3.
CC: (none) => tarazed25
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
Created attachment 7663: Some simple scripts
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory from comment 1 uploaded.
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure advisory MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0141.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED