[Git][security-tracker-team/security-tracker][master] pillow: stretch triage

Tue, 19 Jan 2021 06:56:26 -0800 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
09a05661 by Sylvain Beucler at 2021-01-19T15:53:55+01:00
pillow: stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9231,18 +9231,23 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote 
authenticated administrators to
 CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer 
over-read whe ...)
        - pillow 8.1.0-1
        [buster] - pillow <no-dsa> (Minor issue)
+       [stretch] - pillow <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
        NOTE: https://github.com/python-pillow/Pillow/pull/5173
        NOTE: 
https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
+       NOTE: Introduced in 
https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8
 (4.3.0)
 CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer 
overflow wh ...)
        - pillow 8.1.0-1
        [buster] - pillow <not-affected> (Vulnerable code not present)
+       [stretch] - pillow <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
        NOTE: https://github.com/python-pillow/Pillow/pull/5175
        NOTE: 
https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
+       NOTE: Introduced in: 
https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f
 (6.0.0)
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when 
decoding ...)
        - pillow 8.1.0-1
        [buster] - pillow <no-dsa> (Minor issue)
+       [stretch] - pillow <postponed> (Minor issue, buffer read overflow)
        NOTE: 
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
        NOTE: https://github.com/python-pillow/Pillow/pull/5174
        NOTE: 
https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09a0566173b47cbff88ff6f6b3fee5560532315e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09a0566173b47cbff88ff6f6b3fee5560532315e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to