[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-27921,CVE-2021-27922,CVE-2021-27923/pillow: reference patch

Sylvain Beucler beuc at debian.org
Mon Mar 15 13:10:41 GMT 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffdc5ede by Sylvain Beucler at 2021-03-15T13:33:09+01:00
CVE-2021-27921,CVE-2021-27922,CVE-2021-27923/pillow: reference patch

- - - - -
d923020f by Sylvain Beucler at 2021-03-15T14:09:10+01:00
CVE-2021-25289,CVE-2021-25290,CVE-2021-25291,CVE-2021-2529,CVE-2021-25293/pillow: reference patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1089,14 +1089,17 @@ CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of servic
 	- pillow 8.1.2-1
 	[buster] - pillow <ignored> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
 CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
 	- pillow 8.1.2-1
 	[buster] - pillow <ignored> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
 CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
 	- pillow 8.1.2-1
 	[buster] - pillow <ignored> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
 CVE-2021-27920
 	RESERVED
 CVE-2021-27919 (archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a den ...)
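Review bot: The three added NOTE lines for CVE-2021-27923, CVE-2021-27922 and CVE-2021-27921 carry the identical commit URL (756fff33128a0b643d10518a26ad04b726dd8973), and nothing in the entries says that one upstream commit covers all three issues. If that is intended, a short parenthetical on each NOTE or a cross-reference between the entries would keep it from reading as a copy/paste slip. None of the three records an introducing commit either, which would help anyone revisiting the "[buster] - pillow <ignored> (Minor issue)" decision.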
@@ -7405,27 +7408,33 @@ CVE-2021-25293
 	- pillow 8.1.1-1
 	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
+	NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (v4.3.0)
 CVE-2021-25292
 	RESERVED
 	- pillow 8.1.1-1
 	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
 CVE-2021-25291
 	RESERVED
 	- pillow 8.1.1-1
 	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
 CVE-2021-25290
 	RESERVED
 	- pillow 8.1.1-1
 	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
 CVE-2021-25289
 	RESERVED
 	- pillow 8.1.1-1
 	[buster] - pillow <not-affected> (Vulnerable code not present)
 	[stretch] - pillow <not-affected> (Vulnerable code not present)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+	NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
 CVE-2021-25288
 	RESERVED
 CVE-2021-25287
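Review bot: In the CVE-2021-25289 entry, buster and stretch are marked "<not-affected> (Vulnerable code not present)", but the added NOTE references only the fix commit. There is no "Introduced in" line of the kind added for CVE-2021-25293 to back that status. Suggest adding the introducing commit and version there, and for CVE-2021-25290 through CVE-2021-25292 where they are known. The commit subject also lists "CVE-2021-2529", while the entry this hunk touches is CVE-2021-25292.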



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b984e4ab51e969f4637bff88b313f5ff2d6b1720...d923020f8d6b8f32d3d19b6d14dcd31195ea3052
