[Git][security-tracker-team/security-tracker][master] Reserve DLA-3768-1 for pillow

Fri, 22 Mar 2024 02:57:13 -0700 


Sean Whitton pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd5e8d59 by Sean Whitton at 2024-03-22T17:56:10+08:00
Reserve DLA-3768-1 for pillow

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -28595,7 +28595,6 @@ CVE-2023-44271 (An issue was discovered in Pillow 
before 10.0.0. It is a Denial
        - pillow 10.0.0-1
        [bookworm] - pillow <no-dsa> (Minor issue)
        [bullseye] - pillow <no-dsa> (Minor issue)
-       [buster] - pillow <no-dsa> (Minor issue)
        NOTE: https://github.com/python-pillow/Pillow/pull/7244
        NOTE: 
https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
 (10.0.0)
 CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was 
discovere ...)
@@ -226035,7 +226034,6 @@ CVE-2021-23438 (This affects the package mpath before 
0.8.4. A type confusion vu
 CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to 
Regular Ex ...)
        - pillow 8.3.2-1
        [bullseye] - pillow <no-dsa> (Minor issue)
-       [buster] - pillow <no-dsa> (Minor issue)
        [stretch] - pillow <postponed> (Minor issue, can be fixed in the next 
DLA)
        NOTE: 
https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
        NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Mar 2024] DLA-3768-1 pillow - security update
+       {CVE-2021-23437 CVE-2022-22817 CVE-2023-44271}
+       [buster] - pillow 5.4.1-2+deb10u5
 [20 Mar 2024] DLA-3767-1 imagemagick - security update
        {CVE-2022-48541}
        [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u7


=====================================
data/dla-needed.txt
=====================================
@@ -211,10 +211,6 @@ pdns-recursor (dleidert)
   NOTE: 20240306: Added by Front-Desk (opal)
   NOTE: 20240319: Upload postponed due to #1067124 (dleidert)
 --
-pillow (Sean)
-  NOTE: 20240321: Added by Front-Desk (ta)
-  NOTE: 20240321: follow-up fix to CVE-2022-22817 discussed in ELA-1059-1
---
 putty
   NOTE: 20231224: Added by Front-Desk (ta)
   NOTE: 20230104: massive code change against bullseye. May be better to 
backport bullseye (rouca)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5e8d59a6dcdbff7cf9afda00512cf90e8b3864

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5e8d59a6dcdbff7cf9afda00512cf90e8b3864
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to