From f03d124e7762dc918cc1d67c78ab5b6b5729370e Mon Sep 17 00:00:00 2001 From: Utkarsh Gupta Date: Sat, 8 Aug 2020 22:35:02 +0530 Subject: Reserve DLA-2317-1 for pillow --- data/CVE/2020.list | 1 - data/DLA/list | 3 +++ data/dla-needed.txt | 3 --- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6bb10cad6e..0223338713 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -17044,7 +17044,6 @@ CVE-2020-10178 CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...) - pillow 7.2.0-1 [buster] - pillow 5.4.1-2+deb10u2 - [jessie] - pillow (Minor issue) NOTE: https://github.com/python-pillow/Pillow/pull/4503 NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: Fixed in 6.2.3 and 7.1.0 diff --git a/data/DLA/list b/data/DLA/list index 7d5677536e..7626463be8 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[08 Aug 2020] DLA-2317-1 pillow - security update + {CVE-2020-10177} + [stretch] - pillow 4.0.0-4+deb9u2 [08 Aug 2020] DLA-2316-1 ruby-kramdown - security update {CVE-2020-14001} [stretch] - ruby-kramdown 1.12.0-1+deb9u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index d1fcd68f3c..8375ae01ef 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -96,9 +96,6 @@ opendmarc -- openjdk-8 (Emilio) -- -pillow (Utkarsh Gupta) - NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not CVE-2020-10378. (lamby) --- puma NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby) -- -- cgit v1.2.3
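Review bot: In the data/CVE/2020.list hunk, the line removed under CVE-2020-10177 is the `[jessie] - pillow (Minor issue)` annotation, while the DLA reserved by this commit is recorded for [stretch]. The subject line only mentions reserving DLA-2317-1, so the message should say why a jessie annotation is dropped here, or the removed line should be checked against the one intended. After this hunk the CVE entry carries only the `- pillow 7.2.0-1` and `[buster] - pillow 5.4.1-2+deb10u2` lines.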
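Review bot: The new DLA-2317-1 entry in data/DLA/list names only `{CVE-2020-10177}`, but the triage note removed from data/dla-needed.txt in this same commit says the package "Appears vulnerable to at least CVE-2020-10177". Please confirm that the other open pillow CVEs were checked against 4.0.0-4+deb9u2, and either add them inside the braces or record their status, so that the "at least" is resolved before the advisory goes out.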
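Review bot: Deleting the pillow block from data/dla-needed.txt also deletes the only place in this patch that records the finding "but not CVE-2020-10378". None of the visible hunks carries that conclusion over, so check that the CVE-2020-10378 entry in data/CVE/2020.list already has a matching annotation for the release covered by this DLA. Otherwise the triage result is lost with this removal.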