[Git][security-tracker-team/security-tracker][master] drop no-dsa tags for bullseye/pillow for upcoming NMU

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jun 13 18:37:15 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd3a576c by Moritz Muehlenhoff at 2021-06-13T19:36:24+02:00
drop no-dsa tags for bullseye/pillow for upcoming NMU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14164,7 +14164,6 @@ CVE-2021-28679
 CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
-	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
@@ -14172,7 +14171,6 @@ CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, Bl
 CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
-	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
@@ -14180,7 +14178,6 @@ CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, th
 CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
-	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
@@ -14188,7 +14185,6 @@ CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, Fl
 CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...)
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed> (bug #989062)
-	[bullseye] - pillow <no-dsa> (Minor issue)
 	[buster] - pillow <no-dsa> (Minor issue)
 	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
@@ -22517,20 +22513,16 @@ CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a
 	NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
 CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
 	[experimental] - pillow 8.2.0-1
-	- pillow <unfixed> (bug #989062)
-	[bullseye] - pillow <no-dsa> (Minor issue)
-	[buster] - pillow <no-dsa> (Minor issue)
-	[stretch] - pillow <no-dsa> (Minor issue)
+	- pillow <unfixed> (unimportant; bug #989062)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
 	NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
+	NOTE: Debian packages are built without JPEG2000 support
 CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
 	[experimental] - pillow 8.2.0-1
-	- pillow <unfixed> (bug #989062)
-	[bullseye] - pillow <no-dsa> (Minor issue)
-	[buster] - pillow <no-dsa> (Minor issue)
-	[stretch] - pillow <no-dsa> (Minor issue)
+	- pillow <unfixed> (unimportant; bug #989062)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
 	NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
+	NOTE: Debian packages are built without JPEG2000 support
 CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...)
 	{DSA-4833-1 DLA-2528-1}
 	- gst-plugins-bad1.0 1.18.1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd3a576c6288b76cfb6527bbfbf3dfebab1b9e01

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd3a576c6288b76cfb6527bbfbf3dfebab1b9e01
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210613/d6f7de3f/attachment.htm>

More information about the debian-security-tracker-commits mailing list