[Git][security-tracker-team/security-tracker][master] pillow: stretch triage

Sylvain Beucler beuc at debian.org
Tue Jan 19 14:56:17 GMT 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09a05661 by Sylvain Beucler at 2021-01-19T15:53:55+01:00
pillow: stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9231,18 +9231,23 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to
 CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
 	- pillow 8.1.0-1
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <not-affected> (Vulnerable code introduced later)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5173
 	NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
+	NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0)
 CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
 	- pillow 8.1.0-1
 	[buster] - pillow <not-affected> (Vulnerable code not present)
+	[stretch] - pillow <not-affected> (Vulnerable code introduced later)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5175
 	NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
+	NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
 	- pillow 8.1.0-1
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <postponed> (Minor issue, buffer read overflow)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5174
 	NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
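
Review bot: The two added "Introduced in" notes are punctuated differently: the CVE-2020-35655 entry reads "NOTE: Introduced in https://..." while the CVE-2020-35654 entry reads "NOTE: Introduced in: https://..." with a colon. Use one form for both so the notes can be searched consistently. In the CVE-2020-35653 entry, the added stretch line says "buffer read overflow" where the CVE description directly above it says "buffer over-read"; matching the description's wording would avoid suggesting a different bug class.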



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09a0566173b47cbff88ff6f6b3fee5560532315e
