[Secure-testing-commits] r40939 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Apr 14 21:23:32 UTC 2016


Author: carnil
Date: 2016-04-14 21:23:32 +0000 (Thu, 14 Apr 2016)
New Revision: 40939

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-4009

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-14 21:17:19 UTC (rev 40938)
+++ data/CVE/list	2016-04-14 21:23:32 UTC (rev 40939)
@@ -6,8 +6,6 @@
 	RESERVED
 CVE-2016-4010
 	RESERVED
-CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in ...)
-	TODO: check
 CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...)
 	TODO: check
 CVE-2016-4006
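Review bot: the deleted line "CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in ...)" is the only place in this patch that names the affected function. The entry that takes over the id further down only says "[Integer overflow in Resample.c]". Consider carrying the function name into the description of the surviving entry so that detail is not lost with this removal, and say in the log message that this is a duplicate entry being merged into the existing one rather than a plain deletion.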
@@ -4994,14 +4992,15 @@
 	RESERVED
 CVE-2015-8798
 	RESERVED
-CVE-2016-XXXX [Integer overflow in Resample.c]
+CVE-2016-4009 [Integer overflow in Resample.c]
 	- pillow 3.1.1-1
 	[jessie] - pillow <not-affected>
 	- python-imaging <removed>
 	[wheezy] - python-imaging <not-affected>
 	[squeeze] - python-imaging <not-affected>
-	NOTE: https://github.com/python-pillow/Pillow/commit/41fae6d9e2da741d2c5464775c7f1a609ea03798
+	NOTE: https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
 	NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
+	NOTE: https://github.com/python-pillow/Pillow/pull/1714
 	NOTE: https://github.com/python-pillow/Pillow/issues/1737
 CVE-2016-2232 (Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...)
 	- asterisk 1:13.7.2~dfsg-1
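Review bot: the upstream commit on the NOTE line is swapped from the one starting 41fae6d9 to the one starting 4e0d9b0b, and neither the NOTE nor the log message ("Update information for CVE-2016-4009") says why the earlier reference was wrong. Label what each URL is (fix commit, pull request 1714, issue 1737) and keep the three links together instead of splitting them around the "versions prior 2.7 are not vulnerable" line, so that someone later checking the "pillow 3.1.1-1" fixed version can tell which link is the actual fix.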



