[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2021-29495 in nim for stretch LTS.

Chris Lamb (@lamby) lamby at debian.org
Tue May 11 10:33:53 BST 2021



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0446d762 by Chris Lamb at 2021-05-11T10:30:35+01:00
Triage CVE-2021-29495 in nim for stretch LTS.

- - - - -
87c90532 by Chris Lamb at 2021-05-11T10:33:30+01:00
Triage CVE-2021-25287, CVE-2021-25288, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677 & CVE-2021-28678 in pillow for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6885,6 +6885,7 @@ CVE-2021-29496
 CVE-2021-29495 (Nim is a statically typed compiled systems programming language. In Ni ...)
 	- nim 1.4.2-1
 	[buster] - nim <no-dsa> (Minor issue)
+	[stretch] - nim <no-dsa> (Minor issue)
 	NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr
 CVE-2021-29494
 	RESERVED
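Review bot: the added `[stretch] - nim <no-dsa> (Minor issue)` line copies the buster reason verbatim, and with the CVE description truncated in this entry, nothing visible records why the issue is minor for stretch. Consider checking whether the stretch version of nim carries the affected code at all (in which case `<not-affected>` would be the more accurate state), or extend the parenthetical with the actual rationale.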
@@ -8804,6 +8805,7 @@ CVE-2021-28678
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
 	NOTE: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
 CVE-2021-28677
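Review bot: in the `[stretch] - pillow` line added for CVE-2021-28678, `(Minor issue)` does not say what makes it minor. The NOTE anchor describes the fix as a BLP DoS, so a reason along the lines of `(Minor issue; DoS only)` would show the triage basis to someone scanning the list without following the links. The same applies to the identical additions for CVE-2021-28677, CVE-2021-28676 and CVE-2021-28675 below.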
@@ -8811,6 +8813,7 @@ CVE-2021-28677
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
 	NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
 CVE-2021-28676
@@ -8818,6 +8821,7 @@ CVE-2021-28676
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
 	NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
 CVE-2021-28675
@@ -8825,6 +8829,7 @@ CVE-2021-28675
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
 	NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497
 CVE-2021-28674
@@ -17103,6 +17108,7 @@ CVE-2021-25288
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
 	NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
 CVE-2021-25287
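Review bot: the `[stretch]` line for CVE-2021-25288 gets the same `<no-dsa> (Minor issue)` triage as the DoS entries, but the release-notes anchor in its NOTE describes an out-of-bounds read in Jpeg2KDecode. A short justification in the parenthetical, or a NOTE stating why the OOB read does not warrant a DLA on stretch, would make the decision reviewable.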
@@ -17110,6 +17116,7 @@ CVE-2021-25287
 	[experimental] - pillow 8.2.0-1
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
 CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...)
 	{DSA-4833-1 DLA-2528-1}
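Review bot: the CVE-2021-25287 entry touched here carries only the release-notes NOTE, while the CVE-2021-25288 entry with the same release-notes anchor also references upstream commit 3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87. If that commit fixes both CVEs, adding the matching commit NOTE here would give anyone revisiting the stretch triage the patch reference directly.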



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2225d3b0fed0d4373f2331ef82a866f7bfe0f1cd...87c905320f553eae3188bac207236dbf527180cb
