[Git][security-tracker-team/security-tracker][master] Add new pillow issues

Salvatore Bonaccorso carnil at debian.org
Sat May 8 07:45:43 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9143f5ad by Salvatore Bonaccorso at 2021-05-08T08:45:08+02:00
Add new pillow issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8747,12 +8747,24 @@ CVE-2021-28679
 	RESERVED
 CVE-2021-28678
 	RESERVED
+        [experimental] - pillow 8.2.0-1
+        - pillow <unfixed>
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
 CVE-2021-28677
 	RESERVED
+        [experimental] - pillow 8.2.0-1
+        - pillow <unfixed>
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
 CVE-2021-28676
 	RESERVED
+        [experimental] - pillow 8.2.0-1
+        - pillow <unfixed>
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
 CVE-2021-28675
 	RESERVED
+        [experimental] - pillow 8.2.0-1
+        - pillow <unfixed>
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
 CVE-2021-28674
 	RESERVED
 CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
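Review bot: The added package lines under CVE-2021-28678, CVE-2021-28677, CVE-2021-28676 and CVE-2021-28675 (`[experimental] - pillow 8.2.0-1` and `- pillow <unfixed>`) are indented with eight spaces, while the NOTE lines added beside them and the existing RESERVED lines use a tab. The second hunk of this commit uses tabs for the equivalent lines. Suggest replacing the leading spaces with a single tab so the entries are consistent and do not rely on the list parser accepting either form.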
@@ -17023,8 +17035,14 @@ CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a
 	NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
 CVE-2021-25288
 	RESERVED
+	[experimental] - pillow 8.2.0-1
+	- pillow <unfixed>
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
 CVE-2021-25287
 	RESERVED
+	[experimental] - pillow 8.2.0-1
+	- pillow <unfixed>
+	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
 CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...)
 	{DSA-4833-1 DLA-2528-1}
 	- gst-plugins-bad1.0 1.18.1-1
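Review bot: On the CVE-2021-25288 and CVE-2021-25287 entries, the only NOTE is the shared 8.2.0 release-notes anchor, whereas the CVE-2021-25289 entry visible in the context above them references the upstream Pillow commit directly. Since both entries are marked `- pillow <unfixed>`, consider adding a NOTE with the upstream fix commit once it is identified, so whoever prepares the fix can find the JPEG2K decode change without going through the release notes.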



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9143f5ad85b570afacfe1758347f6ad9c60e99dc
