author Utkarsh Gupta <utkarsh@debian.org> 2020-08-08 22:35:02 +0530
committer Utkarsh Gupta <utkarsh@debian.org> 2020-08-08 22:35:02 +0530
commit f03d124e7762dc918cc1d67c78ab5b6b5729370e
tree 0500da6ca1fc96bffa11c33350c5b5e54ebddb09
parent 7fb6ceb528aad1dc0e0ad1adfa7ef5c986914eb0
Reserve DLA-2317-1 for pillow
-rw-r--r-- data/CVE/2020.list 1
-rw-r--r-- data/DLA/list 3
-rw-r--r-- data/dla-needed.txt 3
3 files changed, 3 insertions, 4 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6bb10cad6e..0223338713 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -17044,7 +17044,6 @@ CVE-2020-10178
CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
- pillow 7.2.0-1
[buster] - pillow 5.4.1-2+deb10u2
- [jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4503
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
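Review bot: The removal of the "[jessie] - pillow <no-dsa> (Minor issue)" line under CVE-2020-10177 is not covered by the commit message, which only mentions reserving DLA-2317-1, and the DLA entry added in data/DLA/list is for stretch, not jessie. Either say in the commit message why the jessie annotation is dropped or move that removal into its own commit, so the history explains when and why the jessie triage decision left the tracker.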
diff --git a/data/DLA/list b/data/DLA/list
index 7d5677536e..7626463be8 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[08 Aug 2020] DLA-2317-1 pillow - security update
+ {CVE-2020-10177}
+ [stretch] - pillow 4.0.0-4+deb9u2
[08 Aug 2020] DLA-2316-1 ruby-kramdown - security update
{CVE-2020-14001}
[stretch] - ruby-kramdown 1.12.0-1+deb9u1
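Review bot: The CVE set on the new DLA-2317-1 entry lists only {CVE-2020-10177}, while the triage note removed from data/dla-needed.txt in this same commit says the package "Appears vulnerable to at least CVE-2020-10177". Before the advisory goes out, confirm that no other CVE is fixed by 4.0.0-4+deb9u2 and extend the braces if one is, since this list is what ties the stretch fixed version to each CVE.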
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index d1fcd68f3c..8375ae01ef 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -96,9 +96,6 @@ opendmarc
--
openjdk-8 (Emilio)
--
-pillow (Utkarsh Gupta)
- NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not CVE-2020-10378. (lamby)
---
puma
NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
--
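Review bot: Deleting the pillow entry also deletes the only visible record that the package was assessed as not vulnerable to CVE-2020-10378 (the NOTE dated 20200711). Nothing in this commit carries that finding over, so check that the CVE-2020-10378 entry in data/CVE/2020.list already records the not-affected status for the relevant release, and add it there if it does not, otherwise the assessment survives only in the history of this file.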
