summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2021-01-18 19:56:40 +0100
committerMoritz Muehlenhoff <jmm@debian.org>2021-01-18 19:56:40 +0100
commit5173f0f0657aa18c9f2adfd708a0e99d3d720196 (patch)
tree5515c50cdaa11e1d1d2601fb4987640ccf02539b
parentccdb22406f71d609938ff6e6d22a963a05a68fc4 (diff)
pillow triage
-rw-r--r--data/CVE/list6
1 files changed, 6 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 9e71d918ec..a029edd2c6 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9190,16 +9190,22 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to
NOT-FOR-US: Jaws
CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
- pillow 8.1.0-1
+ [buster] - pillow <no-dsa> (Minor issue)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
NOTE: https://github.com/python-pillow/Pillow/pull/5173
+ NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
- pillow 8.1.0-1
+ [buster] - pillow <not-affected> (Vulnerable code not present)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
NOTE: https://github.com/python-pillow/Pillow/pull/5175
+ NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
- pillow 8.1.0-1
+ [buster] - pillow <no-dsa> (Minor issue)
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
NOTE: https://github.com/python-pillow/Pillow/pull/5174
+ NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
CVE-2020-35652 [remote crash in res_pjsip_diversion]
RESERVED
- asterisk 1:16.15.1~dfsg-1 (bug #979372)

© 2014-2024 Faster IT GmbH | imprint | privacy policy