From 5173f0f0657aa18c9f2adfd708a0e99d3d720196 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 18 Jan 2021 19:56:40 +0100
Subject: pillow triage

---
 data/CVE/list | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index 9e71d918ec..a029edd2c6 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9190,16 +9190,22 @@ CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to
 	NOT-FOR-US: Jaws
 CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
 	- pillow 8.1.0-1
+	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5173
+	NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
 CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
 	- pillow 8.1.0-1
+	[buster] - pillow <not-affected> (Vulnerable code not present)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5175
+	NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
 CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
 	- pillow 8.1.0-1
+	[buster] - pillow <no-dsa> (Minor issue)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
 	NOTE: https://github.com/python-pillow/Pillow/pull/5174
+	NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
 CVE-2020-35652 [remote crash in res_pjsip_diversion]
 	RESERVED
 	- asterisk 1:16.15.1~dfsg-1 (bug #979372)
-- 
cgit v1.2.3