[Git][security-tracker-team/security-tracker][master] Add CVE-2025-48379/pillow
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 1 22:16:04 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf968dbb by Salvatore Bonaccorso at 2025-07-01T23:09:02+02:00
Add CVE-2025-48379/pillow
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73,7 +73,10 @@ CVE-2025-49480 (Out-of-bounds access in ASR180x \u3001ASR190x in lte-telephony,
CVE-2025-49029 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48379 (Pillow is a Python imaging library. In versions 11.2.0 to before 11.3. ...)
- TODO: check
+ - pillow <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952
+ NOTE: https://github.com/python-pillow/Pillow/pull/9041
+ NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4 (11.3.0)
CVE-2025-46259 (Missing Authorization vulnerability in POSIMYTH Innovation The Plus Ad ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-45872 (zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery ( ...)
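Review bot: The `- pillow <not-affected> (Vulnerable code not present)` line has no accompanying note showing where the vulnerable code was introduced; the three NOTE lines record only the advisory, the pull request and the fix commit (11.3.0). Since the CVE description puts the lower bound at 11.2.0, consider adding a `NOTE: Introduced by: <introducing commit URL> (11.2.0)` line with the actual upstream commit, so the not-affected claim can be checked against the versions in the archive without re-reading the upstream advisory.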
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf968dbbd42a488faca328cbf584aefea6833aa1