pillow: stretch triage

1 files changed, 5 insertions, 0 deletions

diff --git a/data/CVE/list b/data/CVE/list
index e3a0a4ce93..0856cd9d78 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9231,18 +9231,23 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to
 CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
 	- pillow 8.1.0-1
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <not-affected> (Vulnerable code introduced later)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5173
 	NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
+	NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0)
 CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
 	- pillow 8.1.0-1
 	[buster] - pillow <not-affected> (Vulnerable code not present)
+	[stretch] - pillow <not-affected> (Vulnerable code introduced later)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5175
 	NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
+	NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
 	- pillow 8.1.0-1
 	[buster] - pillow <no-dsa> (Minor issue)
+	[stretch] - pillow <postponed> (Minor issue, buffer read overflow)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5174
 	NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf