Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
baddb850 by Salvatore Bonaccorso at 2020-02-14T00:19:06+01:00
Add information on introducing commits for CVE-2020-5310/pillow
We should check if the overflow is only possible after both of those
upstream commits.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8074,7 +8074,9 @@ CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before
6.2.2 has an SGI buffe
CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF
decoding int ...)
- pillow 7.0.0-1 (bug #948224)
[jessie] - pillow <not-affected> (The vulnerable code was introduced
later)
- NOTE:
https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
(6.2.2)
+ NOTE: Introduced by:
https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d
(5.3.0)
+ NOTE: and
https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f
(6.0.0)
+ NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
(6.2.2)
CVE-2020-5309
RESERVED
CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable
to XSS, ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/baddb85047c61dc1f097e7e2536e3b500a05b561
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/baddb85047c61dc1f097e7e2536e3b500a05b561
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
