[Git][security-tracker-team/security-tracker][master] pillow fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jun 13 18:39:38 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5620cbf by Moritz Mühlenhoff at 2021-06-13T19:39:08+02:00
pillow fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14163,28 +14163,28 @@ CVE-2021-28679
RESERVED
CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
[experimental] - pillow 8.2.0-1
- - pillow <unfixed> (bug #989062)
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
[buster] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <no-dsa> (Minor issue)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
NOTE: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...)
[experimental] - pillow 8.2.0-1
- - pillow <unfixed> (bug #989062)
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
[buster] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <no-dsa> (Minor issue)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...)
[experimental] - pillow 8.2.0-1
- - pillow <unfixed> (bug #989062)
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
[buster] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <no-dsa> (Minor issue)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...)
[experimental] - pillow 8.2.0-1
- - pillow <unfixed> (bug #989062)
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
[buster] - pillow <no-dsa> (Minor issue)
[stretch] - pillow <no-dsa> (Minor issue)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
@@ -22513,13 +22513,13 @@ CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a
NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
[experimental] - pillow 8.2.0-1
- - pillow <unfixed> (unimportant; bug #989062)
+ - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
NOTE: Debian packages are built without JPEG2000 support
CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
[experimental] - pillow 8.2.0-1
- - pillow <unfixed> (unimportant; bug #989062)
+ - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
NOTE: Debian packages are built without JPEG2000 support
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5620cbf3868ea79b15132d9a07aacd4f5ce1f87
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5620cbf3868ea79b15132d9a07aacd4f5ce1f87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210613/252a4013/attachment.htm>
More information about the debian-security-tracker-commits
mailing list