[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-30595/pillow

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3f25857 by Salvatore Bonaccorso at 2022-05-26T10:32:52+02:00
Update status for CVE-2022-30595/pillow

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2941,8 +2941,12 @@ CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk
 	- moodle <removed>
 CVE-2022-30595 (libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ...)
 	- pillow <unfixed>
+	[bullseye] - pillow <not-affected> (Vulnerable code introduce later)
+	[buster] - pillow <not-affected> (Vulnerable code introduce later)
+	[stretch] - pillow <not-affected> (Vulnerable code introduce later)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html#security
-	NOTE: https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280 (9.1.1)
+	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/0d729941a89af9e00d9d01d14ec144ab358410cd (9.1.0)
+	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280 (9.1.1)
 CVE-2022-30593
 	RESERVED
 CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3f2585702a87db61f29bfd2ec80a0b7dfcc0b50

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3f2585702a87db61f29bfd2ec80a0b7dfcc0b50
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220526/ab5e1eaf/attachment-0001.htm>