[Git][security-tracker-team/security-tracker][master] new pillow issue

Moritz Muehlenhoff jmm at debian.org
Fri Oct 18 16:35:07 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8712048a by Moritz Muehlenhoff at 2019-10-18T15:34:42Z
new pillow issue
mojarra n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2115,7 +2115,7 @@ CVE-2019-17633
 CVE-2019-17632
 	RESERVED
 CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such ...)
-	TODO: check
+	NOT-FOR-US: Eclipse OpenJ9
 CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-17629 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
@@ -2251,7 +2251,7 @@ CVE-2019-17594 (There is a heap-based buffer over-read in the _nc_find_entry fun
 CVE-2019-17593 (JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an adm ...)
 	NOT-FOR-US: JIZHICMS
 CVE-2019-17592 (The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular ...)
-	TODO: check
+	NOT-FOR-US: csv-parse Node module
 CVE-2019-17591
 	RESERVED
 CVE-2019-17590
@@ -3521,7 +3521,7 @@ CVE-2019-17093
 CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...)
 	NOT-FOR-US: OpenProject
 CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used  ...)
-	TODO: check
+	- mojarra <not-affected> (Vulnerable code not present)
 CVE-2019-17090
 	RESERVED
 CVE-2019-17089
@@ -4161,7 +4161,10 @@ CVE-2015-9410 (The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has
 CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading specially ...)
-	TODO: check
+	- pillow 6.2.0-1 (low)
+	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
+	- python-imaging <removed>
 CVE-2019-16864
 	RESERVED
 CVE-2019-16863



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8712048ab7aa43ea58edb07e9a63e724dbc818f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8712048ab7aa43ea58edb07e9a63e724dbc818f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191018/7aad9cbf/attachment.html>

More information about the debian-security-tracker-commits mailing list