Debian 10261 Published by

A pillow regression update has been released for Debian GNU/Linux 8 Extended LTS to address a regression introduced by the previous update.



ELA-546-2 pillow regression update

Package : pillow
Version : 2.6.1-2+deb8u8 (jessie)

Related CVEs :
CVE-2021-28675

The patch to address CVE-2021-28675 in Pillow 2.6.1-2+deb8u7 raised OSError exceptions when processing truncated files. This version has been updated to raise IOError exceptions instead, which makes Pillow itself handle the error, making it more transparent to users.

  ELA-546-2 pillow regression update