author Utkarsh Gupta <utkarsh@debian.org> 2020-08-08 22:35:02 +0530
committer Utkarsh Gupta <utkarsh@debian.org> 2020-08-08 22:35:02 +0530
commit 761a93f1108ae6c973c58d46011f300c7202430e
tree ba471b515873b8c2633919b0aefdb5f7572b4eca
parent e909d4973dedc01c108bbddc8b533629a130d37b
Reserve DLA-2317-1 for pillow
-rw-r--r-- data/CVE/list 1
-rw-r--r-- data/DLA/list 3
-rw-r--r-- data/dla-needed.txt 3
3 files changed, 3 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 68ce05c641..74762ced06 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19212,7 +19212,6 @@ CVE-2020-10178
CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
- pillow 7.2.0-1
[buster] - pillow 5.4.1-2+deb10u2
- [jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4503
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
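Review bot: the deletion of the `[jessie] - pillow <no-dsa> (Minor issue)` line under CVE-2020-10177 is not covered by the commit message, which only says the DLA is being reserved, and the DLA added in this commit targets stretch, not jessie. If dropping the jessie triage is intentional, state the reason in the commit message or move it to its own commit. Note also that the entry gains no `[stretch]` line here, so the fixed version 4.0.0-4+deb9u2 is recorded only in data/DLA/list; confirm that is where it is expected to live.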
diff --git a/data/DLA/list b/data/DLA/list
index 7d5677536e..7626463be8 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[08 Aug 2020] DLA-2317-1 pillow - security update
+ {CVE-2020-10177}
+ [stretch] - pillow 4.0.0-4+deb9u2
[08 Aug 2020] DLA-2316-1 ruby-kramdown - security update
{CVE-2020-14001}
[stretch] - ruby-kramdown 1.12.0-1+deb9u1
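Review bot: the CVE set on the new DLA-2317-1 entry lists only `{CVE-2020-10177}`, while the triage note removed from data/dla-needed.txt in this same commit says the package is vulnerable to "at least" that CVE. Before the reservation is finalised, confirm that 4.0.0-4+deb9u2 fixes no other open pillow CVE in stretch, because this entry is the record of what the upload addresses and a missing id here leaves that CVE looking unfixed.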
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index d1fcd68f3c..8375ae01ef 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -96,9 +96,6 @@ opendmarc
--
openjdk-8 (Emilio)
--
-pillow (Utkarsh Gupta)
- NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not CVE-2020-10378. (lamby)
---
puma
NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
--
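Review bot: removing the pillow block also removes the only record on this page of the 20200711 finding that stretch is not affected by CVE-2020-10378, and no other hunk in this commit carries that assessment over. Consider recording it in data/CVE/list under CVE-2020-10378 (for example as a `[stretch]` not-affected line with the reason) so the next triager does not have to repeat the analysis.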
