[Git][security-tracker-team/security-tracker][master] Reserve DLA-2317-1 for pillow

Utkarsh Gupta utkarsh at debian.org
Sat Aug 8 18:08:06 BST 2020



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
761a93f1 by Utkarsh Gupta at 2020-08-08T22:35:02+05:30
Reserve DLA-2317-1 for pillow

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19212,7 +19212,6 @@ CVE-2020-10178
 CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
 	- pillow 7.2.0-1
 	[buster] - pillow 5.4.1-2+deb10u2
-	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4503
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
 	NOTE: Fixed in 6.2.3 and 7.1.0
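
Review bot: the removal of `[jessie] - pillow <no-dsa> (Minor issue)` under CVE-2020-10177 is not explained by the commit message, which only mentions reserving DLA-2317-1, and the DLA reserved in this commit targets stretch, not jessie. Either mention the jessie cleanup in the message or move it to its own commit, so the history shows why the jessie triage state was dropped. No `[stretch]` line is added to this entry either; if the tracker does not derive it from data/DLA/list, the fixed version 4.0.0-4+deb9u2 should be recorded here as well.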


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Aug 2020] DLA-2317-1 pillow - security update
+	{CVE-2020-10177}
+	[stretch] - pillow 4.0.0-4+deb9u2
 [08 Aug 2020] DLA-2316-1 ruby-kramdown - security update
 	{CVE-2020-14001}
 	[stretch] - ruby-kramdown 1.12.0-1+deb9u1
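
Review bot: the `{CVE-2020-10177}` list on the new DLA-2317-1 entry names a single CVE, while the triage note removed from data/dla-needed.txt in this same commit says pillow "Appears vulnerable to at least CVE-2020-10177". Confirm that 4.0.0-4+deb9u2 fixes nothing else before the advisory is published, and extend the braces if it does.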


=====================================
data/dla-needed.txt
=====================================
@@ -96,9 +96,6 @@ opendmarc
 --
 openjdk-8 (Emilio)
 --
-pillow (Utkarsh Gupta)
-  NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not CVE-2020-10378. (lamby)
---
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
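
Review bot: deleting the pillow NOTE also deletes the only record in this change that pillow was judged not vulnerable to CVE-2020-10378. If that result is not already recorded under CVE-2020-10378 in data/CVE/list, add it there (for example as a `<not-affected>` annotation with a short reason) so the triage outcome survives the removal from dla-needed.txt.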



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/761a93f1108ae6c973c58d46011f300c7202430e
