Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a672e14d by Salvatore Bonaccorso at 2026-07-06T21:46:07+02:00
Add new pillow issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,19 +43,28 @@ CVE-2026-55994 (Improper Input Validation, Exposure of 
Sensitive Information to
 CVE-2026-55993 (Improper Input Validation, Exposure of Sensitive Information 
to an Una ...)
        TODO: check
 CVE-2026-55798 (Pillow is a Python imaging library. Prior to 12.3.0, 
WindowsViewer.get ...)
-       TODO: check
+       - pillow <not-affected> (Only affects Windows specific WindowsViewer)
+       NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6
 CVE-2026-55380 (Pillow is a Python imaging library. Prior to 12.3.0, 
PIL/GdImageFile.p ...)
-       TODO: check
+       - pillow <unfixed>
+       NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm
+       NOTE: Fixed by: 
https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675
 (12.3.0)
 CVE-2026-55379 (Pillow is a Python imaging library. Prior to 12.3.0, 
PIL/BdfFontFile.p ...)
-       TODO: check
+       - pillow <unfixed>
+       NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc
+       NOTE: Fixed by: 
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
 (12.3.0)
 CVE-2026-54893 (URL path injection in the Microsoft Graph adapter of Swoosh. 
Swoosh.Ad ...)
        TODO: check
 CVE-2026-54291 (pgjdbc is an open source postgresql JDBC Driver. In releases 
42.7.4 th ...)
        TODO: check
 CVE-2026-54060 (Pillow is a Python imaging library. Prior to 12.3.0, 
PIL/FontFile.py F ...)
-       TODO: check
+       - pillow <unfixed>
+       NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2
+       NOTE: Fixed by: 
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
 (12.3.0)
 CVE-2026-54059 (Pillow is a Python imaging library. Prior to 12.3.0, 
PIL/PcfFontFile.p ...)
-       TODO: check
+       - pillow <unfixed>
+       NOTE: 
https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x
+       NOTE: Fixed by: 
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
 (12.3.0)
 CVE-2026-53913 (Improper Authentication, Missing Authentication for Critical 
Function, ...)
        TODO: check
 CVE-2026-4249 (The throttling event handling mechanism in multiple WSO2 
products acce ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a672e14d0904689e5accd413ec40e52b6ebfe07a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a672e14d0904689e5accd413ec40e52b6ebfe07a
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to