
[SECURITY] [DSA 6219-1] pillow security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6219-1] pillow security update
Date 2026-04-19 20:30 +0200
Message-ID <MLF45-grkP-1@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway



- -------------------------------------------------------------------------
Debian Security Advisory DSA-6219-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 19, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pillow
CVE ID         : CVE-2026-40192

It was discovered that missing input sanitising in the FITS support of
Pillow, a Python imaging library, could result in denial of service.

The oldstable distribution (bookworm) is not affected.

For the stable distribution (trixie), this problem has been fixed in
version 11.1.0-5+deb13u2.

We recommend that you upgrade your pillow packages.

For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
