[Git][security-tracker-team/security-tracker][master] pillow triage

Moritz Muehlenhoff jmm at debian.org
Mon Jan 18 18:57:14 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5173f0f0 by Moritz Muehlenhoff at 2021-01-18T19:56:40+01:00
pillow triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9190,16 +9190,22 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to
 	NOT-FOR-US: Jaws
 CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
 	- pillow 8.1.0-1
+	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5173
+	NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
 CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
 	- pillow 8.1.0-1
+	[buster] - pillow <not-affected> (Vulnerable code not present)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5175
+	NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
 	- pillow 8.1.0-1
+	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5174
+	NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
 CVE-2020-35652 [remote crash in res_pjsip_diversion]
 	RESERVED
 	- asterisk 1:16.15.1~dfsg-1 (bug #979372)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5173f0f0657aa18c9f2adfd708a0e99d3d720196

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5173f0f0657aa18c9f2adfd708a0e99d3d720196
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210118/75b98f3a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list