Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a672e14d by Salvatore Bonaccorso at 2026-07-06T21:46:07+02:00
Add new pillow issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,19 +43,28 @@ CVE-2026-55994 (Improper Input Validation, Exposure of
Sensitive Information to
CVE-2026-55993 (Improper Input Validation, Exposure of Sensitive Information
to an Una ...)
TODO: check
CVE-2026-55798 (Pillow is a Python imaging library. Prior to 12.3.0,
WindowsViewer.get ...)
- TODO: check
+ - pillow <not-affected> (Only affects Windows specific WindowsViewer)
+ NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6
CVE-2026-55380 (Pillow is a Python imaging library. Prior to 12.3.0,
PIL/GdImageFile.p ...)
- TODO: check
+ - pillow <unfixed>
+ NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm
+ NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675
(12.3.0)
CVE-2026-55379 (Pillow is a Python imaging library. Prior to 12.3.0,
PIL/BdfFontFile.p ...)
- TODO: check
+ - pillow <unfixed>
+ NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc
+ NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
(12.3.0)
CVE-2026-54893 (URL path injection in the Microsoft Graph adapter of Swoosh.
Swoosh.Ad ...)
TODO: check
CVE-2026-54291 (pgjdbc is an open source postgresql JDBC Driver. In releases
42.7.4 th ...)
TODO: check
CVE-2026-54060 (Pillow is a Python imaging library. Prior to 12.3.0,
PIL/FontFile.py F ...)
- TODO: check
+ - pillow <unfixed>
+ NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2
+ NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
(12.3.0)
CVE-2026-54059 (Pillow is a Python imaging library. Prior to 12.3.0,
PIL/PcfFontFile.p ...)
- TODO: check
+ - pillow <unfixed>
+ NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x
+ NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d
(12.3.0)
CVE-2026-53913 (Improper Authentication, Missing Authentication for Critical
Function, ...)
TODO: check
CVE-2026-4249 (The throttling event handling mechanism in multiple WSO2
products acce ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a672e14d0904689e5accd413ec40e52b6ebfe07a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a672e14d0904689e5accd413ec40e52b6ebfe07a
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits