ELA-546-2 pillow regression update

2023-02-14
Package: pillow
Version: 2.6.1-2+deb8u8 (jessie)
Related CVEs: CVE-2021-28675


The patch for CVE-2021-28675 in Pillow 2.6.1-2+deb8u7 raised OSError exceptions when processing truncated files. This version raises IOError exceptions instead, so Pillow handles the error itself, making it more transparent to users.



For Debian 8 jessie, these problems have been fixed in version 2.6.1-2+deb8u8.

We recommend that you upgrade your pillow packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.