[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Feb 20 21:07:39 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24329ad5 by Moritz Muehlenhoff at 2020-02-20T22:07:17+01:00
NFUs
pillow updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8808,6 +8808,7 @@ CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode bu
 	NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2)
 CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...)
 	- pillow 7.0.0-1 (bug #948224)
+	[stretch] - pillow <not-affected> (Vulnerable code not present)
 	[jessie] - pillow <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2)
 CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...)
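Review bot: The new [stretch] line for CVE-2020-5311 says only "Vulnerable code not present", while the [jessie] line directly below it says the vulnerable code was introduced later. If the reason is the same, use the same wording on both lines. Otherwise add a NOTE naming the stretch version that was inspected, so the not-affected claim for libImaging/SgiRleDecode.c can be re-verified.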
@@ -26900,13 +26901,13 @@ CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 v
 CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerab ...)
 	NOT-FOR-US: Landing-CMS
 CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments SDK throu ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2019-17519 (The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for K ...)
-	TODO: check
+	NOT-FOR-US: NXP
 CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
-	TODO: check
+	NOT-FOR-US: Dialog Semiconductor
 CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
-	TODO: check
+	NOT-FOR-US: Dialog Semiconductor
 CVE-2019-17516
 	RESERVED
 CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPre ...)
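Review bot: The four NOT-FOR-US labels added for CVE-2019-17520 through CVE-2019-17517 name only the vendor, whereas the neighbouring CVE-2019-17521 entry names the product (Landing-CMS). All four descriptions refer to a Bluetooth Low Energy SDK, so a label such as "Texas Instruments SDK" or "Dialog Semiconductor SDK" would be more specific and easier to grep for later.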
@@ -28023,9 +28024,9 @@ CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF fi
 CVE-2019-17062 (An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x befor ...)
 	NOT-FOR-US: OXID eShop
 CVE-2019-17061 (The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4  ...)
-	TODO: check
+	NOT-FOR-US: Cypress
 CVE-2019-17060 (The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z ( ...)
-	TODO: check
+	NOT-FOR-US: NXP
 CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...)
 	NOT-FOR-US: Sophos
 CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary file uplo ...)
@@ -28725,7 +28726,6 @@ CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading specially ...)
 	- pillow 6.2.0-1 (low)
-	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	[jessie] - pillow <no-dsa> (Risk of regressions is too high)
 	- python-imaging <removed>
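Review bot: Removing the "[buster] - pillow <no-dsa> (Minor issue)" line from CVE-2019-16865 leaves buster with no suite annotation while [stretch] and [jessie] keep theirs, and the commit message ("pillow updates") does not say why. Give the reason in the commit message, or add the replacement buster line in the same change, so that it is clear buster is now meant to be judged against the "- pillow 6.2.0-1 (low)" line alone.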
@@ -30089,7 +30089,7 @@ CVE-2019-16338
 CVE-2019-16337
 	RESERVED
 CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
-	TODO: check
+	NOT-FOR-US: Cypress
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
 	{DSA-4542-1 DLA-1943-1}
 	- jackson-databind 2.10.0-1 (bug #940498)
@@ -35577,7 +35577,7 @@ CVE-2019-XXXX [Buffer overflow during processing of large server replies]
 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...)
 	NOT-FOR-US: pandao Editor.md
 CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explor ...)
-	TODO: check
+	NOT-FOR-US: Amazon AWS JavaScript S3 Explorer
 CVE-2019-14651
 	RESERVED
 CVE-2019-14650
@@ -35691,7 +35691,7 @@ CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) S
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier  ...)
 	NOT-FOR-US: Intel
 CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 12.0 th ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14597
 	RESERVED
 CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...)
@@ -35920,7 +35920,7 @@ CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate
 CVE-2019-14515
 	RESERVED
 CVE-2019-14514 (An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. ...)
-	TODO: check
+	NOT-FOR-US: Microvirt MEmu
 CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
 	{DLA-1921-1}
 	- dnsmasq 2.76-1
@@ -40761,9 +40761,9 @@ CVE-2019-13324 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2019-13323 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Studio Photo
 CVE-2019-13322 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2019-13321 (This vulnerability allows network adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2019-13320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
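Review bot: CVE-2019-13322 and CVE-2019-13321 are labelled just "Foxit", but the entries on either side in this hunk name the product ("Foxit Studio Photo", "Foxit Reader"). Use the specific product name from the full CVE description here as well, so the NOT-FOR-US labels stay consistent across the Foxit entries.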



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24329ad5f16ea408a23dbb900ebc4b38b458d6aa
