<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Salvatore Bonaccorso pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043">7fd76e3f</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2021-03-04T08:59:28+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Track fixed version for three CVEs for pillow via unstable
The changelog for pillow's upload to unstable lists a completely different
set of CVEs, question if they are typos or additional CVEs to be
tracked, investigation pending.
They are specifically:
pillow (8.1.1-1) unstable; urgency=high
.
* New upstream version.
- Use more specific regex chars to prevent ReDoS. CVE-2021-25292.
- Fix OOB Read in TiffDecode.c, and check the tile validity before reading.
CVE-2021-25291.
- Fix negative size read in TiffDecode.c. CVE-2021-25290.
- Fix OOB read in SgiRleDecode.c. CVE-2021-25293.
- Incorrect error code checking in TiffDecode.c. CVE-2021-25289.
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">
data/CVE/list
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>
<hr>
No preview for this file type
<br>
</li>
</div>
</body>
</html>