Quay 3.4.0 release
Security Fix(es):
waitress: HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)
waitress: HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)
waitress: HTTP Request Smuggling through Invalid whitespace characters in headers (CVE-2019-16789)
python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode (CVE-2020-5310)
python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311)
python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)
python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379)
python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)
openstack-mistral: information disclosure in mistral log (CVE-2019-3866)
python-pillow: uncontrolled resource consumption in FpxImagePlugin.py (CVE-2019-19911)
PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)
python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)
yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131)
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177)
python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files (CVE-2020-10378)
python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.