diff options
author | Sylvain Beucler <beuc@beuc.net> | 2021-01-19 15:53:28 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2021-01-19 15:53:55 +0100 |
commit | 09a0566173b47cbff88ff6f6b3fee5560532315e (patch) | |
tree | 9c4de811828097c90e54055efe500d945a02b954 | |
parent | 91b50f389f5f36b71245d2579ad3c33412de4261 (diff) |
pillow: stretch triage
-rw-r--r-- | data/CVE/list | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index e3a0a4ce93..0856cd9d78 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9231,18 +9231,23 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...) - pillow 8.1.0-1 [buster] - pillow <no-dsa> (Minor issue) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5173 NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5 + NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0) CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...) - pillow 8.1.0-1 [buster] - pillow <not-affected> (Vulnerable code not present) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5175 NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c + NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...) - pillow 8.1.0-1 [buster] - pillow <no-dsa> (Minor issue) + [stretch] - pillow <postponed> (Minor issue, buffer read overflow) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5174 NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf |