FWIW I'm fairly convinced that the first vulnerable version for CVE-2020-5310
is 6.0.0, which is the first release that included
https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f
which introduced the overflow when switching away from the safer TIFFTileSize
Control: found -1 6.2.1-2
Control: retitle pillow: CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313
Hi,
On Sun, Jan 05, 2020 at 04:30:36PM +0100, Markus Koschany wrote:
> The following vulnerabilities were published for pillow. It appears they
> are fixed in version 6.2.2.
Package: pillow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for pillow. It appears they
are fixed in version 6.2.2.
CVE-2020-5310[0]:
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding
| integer overflow