Control: tags -1 + confirmed On Thu, 2021-07-29 at 09:54 +0100, Neil Williams wrote: > Fix for CVE-2021-34552 (#991293) is mitigated by FORTIFY_SOURCE, so > this upload targets proposed-updates instead of security after > discussion with Moritz. > > Other pending CVEs in pillow for buster have been set to ignored as > the patches would be too intrusive in buster due mainly to binary > changes in the test suite support files. > > Debdiff is attached. > > pillow (5.4.1-2+deb10u3) buster; urgency=medium > . > * Non-maintainer upload by the Security Team.
That seems inaccurate. > [ Moritz Mühlenhoff ] > * CVE-2020-35653 CVE-2020-35655 CVE-2021-27921 CVE-2021-27922 > CVE-2021-27923 CVE-2021-25290 CVE-2021-25292 CVE-2021-28677 > CVE-2021-28678 > . > [ Neil Williams ] > * CVE-2021-34552 > I'd prefer more verbose changelog entries, but please go ahead. Regards, Adam
