[Secure-testing-commits] r39796 - data/CVE
Markus Koschany
apo-guest at moszumanska.debian.org
Sun Feb 21 13:53:06 UTC 2016
Author: apo-guest
Date: 2016-02-21 13:53:06 +0000 (Sun, 21 Feb 2016)
New Revision: 39796
Modified:
data/CVE/list
Log:
Mark pillow, python-imaging prior to version 2.7 as not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-21 13:27:52 UTC (rev 39795)
+++ data/CVE/list 2016-02-21 13:53:06 UTC (rev 39796)
@@ -872,10 +872,12 @@
CVE-2016-XXXX [Integer overflow in Resample.c]
- pillow 3.1.1-1
- python-imaging <removed>
+ [jessie] - pillow <not-affected>
+ [wheezy] - python-imaging <not-affected>
+ [squeeze] - python-imaging <not-affected>
NOTE: https://github.com/python-pillow/Pillow/commit/41fae6d9e2da741d2c5464775c7f1a609ea03798
- NOTE: For jessie the vulnerable code seems to be in libImaging/Antialias.c instead,
- NOTE: due to upstream commit bc0f896a47d7b2dcd6f9fc1fff88f6a25b248f8a renaming
- NOTE: Antialias and stretch to resample.
+ NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
+ NOTE: https://github.com/python-pillow/Pillow/issues/1737
CVE-2016-XXXX [AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data]
- asterisk <unfixed>
[jessie] - asterisk <no-dsa> (Minor issue)
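Review bot: The three added `<not-affected>` lines for jessie, wheezy and squeeze carry no parenthetical reason, unlike the `<no-dsa> (Minor issue)` entry in the trailing context, so the justification lives only in the NOTE lines. Consider putting a short reason on each line, for example `[jessie] - pillow <not-affected> (Versions prior to 2.7 not vulnerable)`, so the status is self-explanatory when a single release is viewed on its own. The replacement NOTE also drops the earlier observation that the code might sit in libImaging/Antialias.c for jessie without saying why that concern no longer applies; one sentence summarising what upstream stated in issue 1737 would let a reader check the decision without following the link. In the added NOTE, "versions prior 2.7" should read "versions prior to 2.7".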