From 05955bcbe7b51f771a1f54b732b9292f86c2f2c2 Mon Sep 17 00:00:00 2001
From: songmingliang
Date: Tue, 9 Jul 2024 17:33:35 +0800
Subject: [PATCH] Fix CVE-2024-28219

---
 CVE-2024-28219.patch | 24 ++++++++++++++++++++++++
 python-pillow.spec | 8 +++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-28219.patch

diff --git a/CVE-2024-28219.patch b/CVE-2024-28219.patch
new file mode 100644
index 0000000..b8333c4
--- /dev/null
+++ b/CVE-2024-28219.patch
@@ -0,0 +1,24 @@
+diff --git a/src/_imagingcms.c b/src/_imagingcms.c
+--- a/src/_imagingcms.c
++++ b/src/_imagingcms.c
+@@ -212,8 +212,8 @@ cms_transform_new(cmsHTRANSFORM transform, char* mode_in, char* mode_out)
+
+ self->transform = transform;
+
+- strcpy(self->mode_in, mode_in);
+- strcpy(self->mode_out, mode_out);
++ strncpy(self->mode_in, mode_in, 8);
++ strncpy(self->mode_out, mode_out, 8);
+
+ return (PyObject*) self;
+ }
+@@ -286,8 +286,8 @@ findLCMStype(char* PILmode)
+ }
+
+ else {
+- /* take a wild guess... but you probably should fail instead. */
+- return TYPE_GRAY_8; /* so there's no buffer overrun... */
++ /* take a wild guess... */
++ return TYPE_GRAY_8;
+ }
+ }
diff --git a/python-pillow.spec b/python-pillow.spec
index 695b0ef..f25afe4 100644
--- a/python-pillow.spec
+++ b/python-pillow.spec
@@ -8,7 +8,7 @@
 Name: python-%{srcname}
 Version: 5.1.1
-Release: 20%{?dist}
+Release: 21%{?dist}
 Summary: Python image processing library
 # License: see http://www.pythonware.com/products/pil/license.htm
@@ -119,6 +119,9 @@ Patch21: CVE-2023-50447.patch
 #https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
 Patch22: CVE-2023-44271.patch
+# https://github.com/python-pillow/Pillow/pull/7928/files
+Patch23: CVE-2024-28219.patch
+
 BuildRequires: freetype-devel
 BuildRequires: gcc
 BuildRequires: ghostscript
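Review bot: The two `strncpy(..., 8)` calls in the cms_transform_new hunk of the embedded src/_imagingcms.c patch bound the write but do not guarantee a terminating NUL: when a mode string is 8 characters or longer, strncpy fills all 8 bytes and leaves the field unterminated. The declarations of `mode_in` and `mode_out` are outside the hunk, but if they are 8-byte arrays, as the literal 8 suggests, any later code that reads them as C strings would read past the field. I would size the copy from the destination and terminate it, e.g. `snprintf(self->mode_in, sizeof(self->mode_in), "%s", mode_in);` and the same for `mode_out`, or reject over-long mode names before the copy instead of truncating them silently. The body of cms_transform_new starts before this hunk.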
@@ -262,6 +265,9 @@ popd
 %changelog
+* Tue Jul 09 2024 songmingliang - 5.1.1-21
+- Fix CVE-2024-28219
+
 * Fri Jun 07 2024 Kai Song - -5.1.1-20
 - Fix CVE-2023-44271
--
Gitee