[Secure-testing-commits] r31529 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 19 07:30:26 UTC 2015
Author: jmm
Date: 2015-01-19 07:30:26 +0000 (Mon, 19 Jan 2015)
New Revision: 31529
Modified:
data/CVE/list
Log:
pillow CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-19 07:21:55 UTC (rev 31528)
+++ data/CVE/list 2015-01-19 07:30:26 UTC (rev 31529)
@@ -272,7 +272,12 @@
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of ...)
- TODO: check
+ - pillow <unfixed>
+ - python-imaging <removed>
+ [wheezy] - python-imaging <no-dsa> (Minor issue)
+ NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
+ NOTE: http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
+ NOTE: CVE Request: https://marc.info/?l=oss-security&m=142055745031061&w=2
CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 ...)
TODO: check
CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in ...)
@@ -2023,14 +2028,6 @@
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=9885
-CVE-2015-XXXX [DoS]
- - pillow <unfixed>
- - python-imaging <removed>
- [wheezy] - python-imaging <no-dsa> (Minor issue)
- NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
- NOTE: http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
- NOTE: CVE Request: https://marc.info/?l=oss-security&m=142055745031061&w=2
- TODO: check
CVE-2014-9584 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
{DSA-3128-1}
- linux 3.16.7-ckt4-1
More information about the Secure-testing-commits
mailing list