Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9beba2d3 by Salvatore Bonaccorso at 2020-07-16T14:46:26+02:00
Several pillow issues fixed in unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11690,7 +11690,7 @@ CVE-2020-11540
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12
devices. It ...)
NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number
of out- ...)
- - pillow <unfixed>
+ - pillow 7.2.0-1
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4504
NOTE: https://github.com/python-pillow/Pillow/pull/4538
@@ -13097,7 +13097,7 @@ CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and
including 4.3.0 does not
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are
multipl ...)
- - pillow <unfixed> (low)
+ - pillow 7.2.0-1 (low)
[buster] - pillow <no-dsa> (Minor issue)
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4505
@@ -15011,7 +15011,7 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL
Injection. ...)
NOTE: Fixed by:
https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
NOTE: Test:
https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in
libImaging/T ...)
- - pillow <unfixed>
+ - pillow 7.2.0-1
[buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs
introduced in 6.0.0)
[stretch] - pillow <not-affected> (Support for old-JPEG compressed
TIFFs introduced in 6.0.0)
[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs
introduced in 6.0.0)
@@ -15019,7 +15019,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two
Buffer Overflows in libIma
NOTE: https://github.com/python-pillow/Pillow/pull/4507
NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an
out-of-bounds rea ...)
- - pillow <unfixed>
+ - pillow 7.2.0-1
[buster] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <not-affected> (Vulnerable code not present)
[jessie] - pillow <no-dsa> (Minor issue)
@@ -15492,7 +15492,7 @@ CVE-2020-10179
CVE-2020-10178
REJECTED
CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in
libImaging/Fli ...)
- - pillow <unfixed>
+ - pillow 7.2.0-1
[buster] - pillow <ignored> (Minor issue)
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4503
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9beba2d328cfeaa8209cce7118848ea57802f9d6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9beba2d328cfeaa8209cce7118848ea57802f9d6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
