Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24329ad5 by Moritz Muehlenhoff at 2020-02-20T22:07:17+01:00
NFUs
pillow updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8808,6 +8808,7 @@ CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before
6.2.2 has a PCX P mode bu
NOTE:
https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
(6.2.2)
CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI
buffer ove ...)
- pillow 7.0.0-1 (bug #948224)
+ [stretch] - pillow <not-affected> (Vulnerable code not present)
[jessie] - pillow <not-affected> (The vulnerable code was introduced
later)
NOTE:
https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
(6.2.2)
CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF
decoding int ...)
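Review bot: The new [stretch] line for CVE-2020-5311 gives "Vulnerable code not present" as its reason, while the [jessie] line directly below says "The vulnerable code was introduced later", and neither records which upstream change introduced the code. Consider using the same wording on both lines and adding a NOTE with the introducing commit or version, so the not-affected status for stretch can be re-checked against the fix commit already referenced in the NOTE that follows.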
@@ -26900,13 +26901,13 @@ CVE-2019-17522 (A stored XSS vulnerability was
discovered in Hotaru CMS v1.7.2 v
CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF
vulnerab ...)
NOT-FOR-US: Landing-CMS
CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments
SDK throu ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments
CVE-2019-17519 (The Bluetooth Low Energy implementation on NXP SDK through
2.2.1 for K ...)
- TODO: check
+ NOT-FOR-US: NXP
CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog
Semiconductor SDK th ...)
- TODO: check
+ NOT-FOR-US: Dialog Semiconductor
CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog
Semiconductor SDK th ...)
- TODO: check
+ NOT-FOR-US: Dialog Semiconductor
CVE-2019-17516
RESERVED
CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for
WordPre ...)
@@ -28023,9 +28024,9 @@ CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1
(for Java), a crafted PDF fi
CVE-2019-17062 (An issue was discovered in OXID eShop 6.x before 6.0.6 and
6.1.x befor ...)
NOT-FOR-US: OXID eShop
CVE-2019-17061 (The Bluetooth Low Energy (BLE) stack implementation on Cypress
PSoC 4 ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2019-17060 (The Bluetooth Low Energy (BLE) stack implementation on the NXP
KW41Z ( ...)
- TODO: check
+ NOT-FOR-US: NXP
CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam
firewall applia ...)
NOT-FOR-US: Sophos
CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary
file uplo ...)
@@ -28725,7 +28726,6 @@ CVE-2015-9409 (The alo-easymail plugin before 2.6.01
for WordPress has CSRF with
NOT-FOR-US: Wordpress plugin
CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading
specially ...)
- pillow 6.2.0-1 (low)
- [buster] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <no-dsa> (Minor issue)
[jessie] - pillow <no-dsa> (Risk of regressions is too high)
- python-imaging <removed>
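Review bot: Dropping the "[buster] - pillow <no-dsa> (Minor issue)" line from CVE-2019-16865 leaves buster without any per-release annotation while stretch and jessie stay <no-dsa>, and nothing in the hunk or in the commit message ("pillow updates") says why. If buster is now meant to be fixed through an update, say so in the commit message or in a NOTE on the entry, so the change is not read as an accidental deletion.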
@@ -30089,7 +30089,7 @@ CVE-2019-16338
CVE-2019-16337
RESERVED
CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE
componen ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML
jackson-databin ...)
{DSA-4542-1 DLA-1943-1}
- jackson-databind 2.10.0-1 (bug #940498)
@@ -35577,7 +35577,7 @@ CVE-2019-XXXX [Buffer overflow during processing of
large server replies]
CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR
or SUP e ...)
NOT-FOR-US: pandao Editor.md
CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka
aws-js-s3-explor ...)
- TODO: check
+ NOT-FOR-US: Amazon AWS JavaScript S3 Explorer
CVE-2019-14651
RESERVED
CVE-2019-14650
@@ -35691,7 +35691,7 @@ CVE-2019-14600 (Uncontrolled search path element in the
installer for Intel(R) S
CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and
earlier ...)
NOT-FOR-US: Intel
CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions
12.0 th ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14597
RESERVED
CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset
Device S ...)
@@ -35920,7 +35920,7 @@ CVE-2019-14516 (The mAadhaar application 1.2.7 for
Android lacks SSL Certificate
CVE-2019-14515
RESERVED
CVE-2019-14514 (An issue was discovered in Microvirt MEmu all versions prior
to 7.0.2. ...)
- TODO: check
+ NOT-FOR-US: Microvirt MEmu
CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an
attacker con ...)
{DLA-1921-1}
- dnsmasq 2.76-1
@@ -40761,9 +40761,9 @@ CVE-2019-13324 (This vulnerability allows remote
attackers to execute arbitrary
CVE-2019-13323 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: Foxit Studio Photo
CVE-2019-13322 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-13321 (This vulnerability allows network adjacent attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-13320 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2019-13319 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
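Review bot: CVE-2019-13322 and CVE-2019-13321 are tagged "NOT-FOR-US: Foxit", whereas the adjacent entries in this hunk name the product ("Foxit Studio Photo", "Foxit Reader"). The descriptions are truncated here, so the vendor-only tag does not tell a reader which product is meant; use the product name, as the neighbouring lines do.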
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24329ad5f16ea408a23dbb900ebc4b38b458d6aa
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits