[Git][security-tracker-team/security-tracker][master] Several pillow issues fixed in unstable upload

Salvatore Bonaccorso carnil at debian.org
Thu Jul 16 13:46:56 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9beba2d3 by Salvatore Bonaccorso at 2020-07-16T14:46:26+02:00
Several pillow issues fixed in unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11690,7 +11690,7 @@ CVE-2020-11540
 CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It  ...)
 	NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
 CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
-	- pillow <unfixed>
+	- pillow 7.2.0-1
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4504
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
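Review bot: On the "- pillow 7.2.0-1" line for CVE-2020-11538, nothing in the entry records which upstream release carries the fix: the description only says "through 7.0.0" and the two NOTE lines point at pull requests 4504 and 4538. Consider adding a "NOTE: Fixed in ..." line, as the CVE-2020-10379 entry has, so that 7.2.0-1 can be checked against both pull requests being included.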
@@ -13097,7 +13097,7 @@ CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
 CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...)
-	- pillow <unfixed> (low)
+	- pillow 7.2.0-1 (low)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4505
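Review bot: The CVE-2020-10994 entry has [buster] and [jessie] lines but no [stretch] line, so once the unstable line reads 7.2.0-1 stretch is the only release here without an explicit annotation. If that is intentional, fine; otherwise add the stretch line in the same change.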
@@ -15011,7 +15011,7 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
 	NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
 	NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
 CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
-	- pillow <unfixed>
+	- pillow 7.2.0-1
 	[buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
 	[stretch] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
 	[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
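Review bot: For CVE-2020-10379 the fixed version entered is 7.2.0-1, while the entry's own NOTE (visible as context in the next hunk) says "Fixed in 6.2.3 and 7.1.0". If 7.2.0-1 is the first unstable upload at or above 7.1.0 this is correct, but the commit message could say so, since the same question applies to every entry touched here.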
@@ -15019,7 +15019,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
 	NOTE: https://github.com/python-pillow/Pillow/pull/4507
 	NOTE: Fixed in 6.2.3 and 7.1.0
 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
-	- pillow <unfixed>
+	- pillow 7.2.0-1
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <not-affected> (Vulnerable code not present)
 	[jessie] - pillow <no-dsa> (Minor issue)
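Review bot: In the CVE-2020-10378 context lines, stretch is marked not-affected ("Vulnerable code not present") while the older jessie release is marked no-dsa ("Minor issue"), which treats it as affected. Worth rechecking one of the two while touching this entry, or adding a NOTE that explains why the code is present in jessie but not in stretch.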
@@ -15492,7 +15492,7 @@ CVE-2020-10179
 CVE-2020-10178
 	REJECTED
 CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
-	- pillow <unfixed>
+	- pillow 7.2.0-1
 	[buster] - pillow <ignored> (Minor issue)
 	[jessie] - pillow <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4503
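Review bot: CVE-2020-10177 keeps buster as ignored with the reason "Minor issue", whereas the other entries in this patch that give buster the same reason (CVE-2020-10994, CVE-2020-10378) use no-dsa. If ignored is deliberate, a more specific reason would make that clear; otherwise align it with the others.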



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9beba2d328cfeaa8209cce7118848ea57802f9d6
