diff options
| author | Sean Whitton <spwhitton@spwhitton.name> | 2024-03-22 17:55:44 +0800 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2024-03-22 17:56:10 +0800 |
| commit | dd5e8d59a6dcdbff7cf9afda00512cf90e8b3864 (patch) | |
| tree | dd167a4d7c4cb22934857d3aa89e59c0fe6bef74 | |
| parent | 8d06da2838a9e9b385e671ad61f0e5b99c5e7222 (diff) | |
Reserve DLA-3768-1 for pillow
| -rw-r--r-- | data/CVE/list | 2 | ||||
| -rw-r--r-- | data/DLA/list | 3 | ||||
| -rw-r--r-- | data/dla-needed.txt | 4 |
3 files changed, 3 insertions, 6 deletions
diff --git a/data/CVE/list b/data/CVE/list index e56037d69d..7ac28ce357 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -28595,7 +28595,6 @@ CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial - pillow 10.0.0-1 [bookworm] - pillow <no-dsa> (Minor issue) [bullseye] - pillow <no-dsa> (Minor issue) - [buster] - pillow <no-dsa> (Minor issue) NOTE: https://github.com/python-pillow/Pillow/pull/7244 NOTE: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (10.0.0) CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovere ...) @@ -226035,7 +226034,6 @@ CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vu CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...) - pillow 8.3.2-1 [bullseye] - pillow <no-dsa> (Minor issue) - [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA) NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 diff --git a/data/DLA/list b/data/DLA/list index ea9e6e7b8a..bd97192170 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[22 Mar 2024] DLA-3768-1 pillow - security update + {CVE-2021-23437 CVE-2022-22817 CVE-2023-44271} + [buster] - pillow 5.4.1-2+deb10u5 [20 Mar 2024] DLA-3767-1 imagemagick - security update {CVE-2022-48541} [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u7 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 547c846e08..c19a249853 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -211,10 +211,6 @@ pdns-recursor (dleidert) NOTE: 20240306: Added by Front-Desk (opal) NOTE: 20240319: Upload postponed due to #1067124 (dleidert) -- -pillow (Sean) - NOTE: 20240321: Added by Front-Desk (ta) - NOTE: 20240321: follow-up fix to CVE-2022-22817 discussed in ELA-1059-1 --- putty NOTE: 20231224: Added by Front-Desk (ta) NOTE: 20230104: massive code change against bullseye. May be better to backport bullseye (rouca) |