Bug#948224: pillow: CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

2020-02-13 Robert Scott
FWIW I'm fairly convinced that the first vulnerable version for CVE-2020-5310 is 6.0.0, which is the first release that included https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f which introduced the overflow when switching away from the safer TIFFTileSize

Processed (with 1 error): Re: Bug#948224: pillow: CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

2020-01-05 Debian Bug Tracking System
Processing control commands:

> found -1 6.2.1-2
Bug #948224 [pillow] pillow: CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313
There is no source info for the package 'pillow' at version '6.2.1-2' with architecture ''
Unable to make a source version for version '6.2.1-2'
Marked as found

Bug#948224: pillow: CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

2020-01-05 Salvatore Bonaccorso
Control: found -1 6.2.1-2
Control: retitle pillow: CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

Hi,

On Sun, Jan 05, 2020 at 04:30:36PM +0100, Markus Koschany wrote:
> The following vulnerabilities were published for pillow. It appears they
> are fixed in version 6.2.2.

Bug#948224: pillow: CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

2020-01-05 Markus Koschany
Package: pillow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for pillow. It appears they
are fixed in version 6.2.2.

CVE-2020-5310[0]:
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding
| integer