Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker
Commits: dd5e8d59 by Sean Whitton at 2024-03-22T17:56:10+08:00 Reserve DLA-3768-1 for pillow - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -28595,7 +28595,6 @@ CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial - pillow 10.0.0-1 [bookworm] - pillow <no-dsa> (Minor issue) [bullseye] - pillow <no-dsa> (Minor issue) - [buster] - pillow <no-dsa> (Minor issue) NOTE: https://github.com/python-pillow/Pillow/pull/7244 NOTE: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (10.0.0) CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovere ...) @@ -226035,7 +226034,6 @@ CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vu CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...) - pillow 8.3.2-1 [bullseye] - pillow <no-dsa> (Minor issue) - [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA) NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[22 Mar 2024] DLA-3768-1 pillow - security update + {CVE-2021-23437 CVE-2022-22817 CVE-2023-44271} + [buster] - pillow 5.4.1-2+deb10u5 [20 Mar 2024] DLA-3767-1 imagemagick - security update {CVE-2022-48541} [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u7 ===================================== data/dla-needed.txt ===================================== @@ -211,10 +211,6 @@ pdns-recursor (dleidert) NOTE: 20240306: Added by Front-Desk (opal) NOTE: 20240319: Upload postponed due to #1067124 (dleidert) -- -pillow (Sean) - NOTE: 20240321: Added by Front-Desk (ta) - NOTE: 20240321: follow-up fix to CVE-2022-22817 discussed in ELA-1059-1 --- putty NOTE: 20231224: Added by Front-Desk (ta) NOTE: 20230104: massive code change against bullseye. May be better to backport bullseye (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5e8d59a6dcdbff7cf9afda00512cf90e8b3864 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5e8d59a6dcdbff7cf9afda00512cf90e8b3864 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits