From 09a0566173b47cbff88ff6f6b3fee5560532315e Mon Sep 17 00:00:00 2001 From: Sylvain Beucler Date: Tue, 19 Jan 2021 15:53:28 +0100 Subject: pillow: stretch triage --- data/CVE/list | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/data/CVE/list b/data/CVE/list index e3a0a4ce93..0856cd9d78 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9231,18 +9231,23 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...) - pillow 8.1.0-1 [buster] - pillow (Minor issue) + [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5173 NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5 + NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0) CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...) - pillow 8.1.0-1 [buster] - pillow (Vulnerable code not present) + [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5175 NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c + NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...) - pillow 8.1.0-1 [buster] - pillow (Minor issue) + [stretch] - pillow (Minor issue, buffer read overflow) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5174 NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf -- cgit v1.2.3