Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0446d762 by Chris Lamb at 2021-05-11T10:30:35+01:00
Triage CVE-2021-29495 in nim for stretch LTS.
- - - - -
87c90532 by Chris Lamb at 2021-05-11T10:33:30+01:00
Triage CVE-2021-25287, CVE-2021-25288, CVE-2021-28675, CVE-2021-28676,
CVE-2021-28677 & CVE-2021-28678 in pillow for stretch LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6885,6 +6885,7 @@ CVE-2021-29496
CVE-2021-29495 (Nim is a statically typed compiled systems programming
language. In Ni ...)
- nim 1.4.2-1
[buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
NOTE:
https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr
CVE-2021-29494
RESERVED
@@ -8804,6 +8805,7 @@ CVE-2021-28678
[experimental] - pillow 8.2.0-1
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <no-dsa> (Minor issue)
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
NOTE:
https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
CVE-2021-28677
@@ -8811,6 +8813,7 @@ CVE-2021-28677
[experimental] - pillow 8.2.0-1
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <no-dsa> (Minor issue)
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
NOTE:
https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
CVE-2021-28676
@@ -8818,6 +8821,7 @@ CVE-2021-28676
[experimental] - pillow 8.2.0-1
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <no-dsa> (Minor issue)
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
NOTE:
https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
CVE-2021-28675
@@ -8825,6 +8829,7 @@ CVE-2021-28675
[experimental] - pillow 8.2.0-1
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <no-dsa> (Minor issue)
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
NOTE:
https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497
CVE-2021-28674
@@ -17103,6 +17108,7 @@ CVE-2021-25288
[experimental] - pillow 8.2.0-1
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <no-dsa> (Minor issue)
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
NOTE:
https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
CVE-2021-25287
@@ -17110,6 +17116,7 @@ CVE-2021-25287
[experimental] - pillow 8.2.0-1
- pillow <unfixed>
[buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <no-dsa> (Minor issue)
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
CVE-2021-3185 (A flaw was found in the gstreamer h264 component of
gst-plugins-bad be ...)
{DSA-4833-1 DLA-2528-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2225d3b0fed0d4373f2331ef82a866f7bfe0f1cd...87c905320f553eae3188bac207236dbf527180cb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2225d3b0fed0d4373f2331ef82a866f7bfe0f1cd...87c905320f553eae3188bac207236dbf527180cb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
