[Git][security-tracker-team/security-tracker][master] Track fixed version for three CVEs for pillow via unstable

Salvatore Bonaccorso carnil at debian.org
Thu Mar 4 08:00:56 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fd76e3f by Salvatore Bonaccorso at 2021-03-04T08:59:28+01:00
Track fixed version for three CVEs for pillow via unstable

The changelog for pillow's upload to unstable lists a completely different
set of CVEs, question if they are typos or additional CVEs to be
tracked, investigation pending.

They are specifically:

 pillow (8.1.1-1) unstable; urgency=high
 .
   * New upstream version.
     - Use more specific regex chars to prevent ReDoS. CVE-2021-25292.
     - Fix OOB Read in TiffDecode.c, and check the tile validity before reading.
       CVE-2021-25291.
     - Fix negative size read in TiffDecode.c. CVE-2021-25290.
     - Fix OOB read in SgiRleDecode.c. CVE-2021-25293.
     - Incorrect error code checking in TiffDecode.c. CVE-2021-25289.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,13 +22,13 @@ CVE-2021-27925
 CVE-2021-27924
 	RESERVED
 CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
-	- pillow <unfixed>
+	- pillow 8.1.1-1
 	[buster] - pillow <ignored> (Minor issue)
 CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
-	- pillow <unfixed>
+	- pillow 8.1.1-1
 	[buster] - pillow <ignored> (Minor issue)
 CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
-	- pillow <unfixed>
+	- pillow 8.1.1-1
 	[buster] - pillow <ignored> (Minor issue)
 CVE-2021-27920
 	RESERVED
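
Review bot: the three changed `- pillow 8.1.1-1` lines (CVE-2021-27923, CVE-2021-27922, CVE-2021-27921) record the fix without any trace of the open question raised in the commit message, namely that the 8.1.1-1 changelog names CVE-2021-25289 through CVE-2021-25293 and none of these three ids. Consider adding a NOTE or TODO line under each entry stating that the changelog ids differ and the mapping is still being checked, so the pending investigation is visible in data/CVE/list itself and not only in the commit history. The unchanged `[buster] - pillow <ignored> (Minor issue)` lines need no update for this change.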



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043
