[Git][security-tracker-team/security-tracker][master] Add CVE-2020-3565{3,4,5}/pillow

Salvatore Bonaccorso carnil at debian.org
Wed Jan 13 07:33:40 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3016892d by Salvatore Bonaccorso at 2021-01-13T08:32:43+01:00
Add CVE-2020-3565{3,4,5}/pillow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6282,11 +6282,17 @@ CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators to
 CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
 	NOT-FOR-US: Jaws
 CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
-	TODO: check
+	- pillow 8.1.0-1
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+	NOTE: https://github.com/python-pillow/Pillow/pull/5173
 CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
-	TODO: check
+	- pillow 8.1.0-1
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+	NOTE: https://github.com/python-pillow/Pillow/pull/5175
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
-	TODO: check
+	- pillow 8.1.0-1
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+	NOTE: https://github.com/python-pillow/Pillow/pull/5174
 CVE-2020-35652 [remote crash in res_pjsip_diversion]
 	RESERVED
 	- asterisk <unfixed> (bug #979372)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3016892db010247de244146a8dcbe78be1380d3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3016892db010247de244146a8dcbe78be1380d3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210113/6d2cfabc/attachment.html>

More information about the debian-security-tracker-commits mailing list