Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7fd76e3f by Salvatore Bonaccorso at 2021-03-04T08:59:28+01:00 Track fixed version for three CVEs for pillow via unstable The changelog for pillow's upload to unstable lists completely different set of CVEs, question if they are typos or additional CVEs to be tracked, investigation pending. The are specifically: pillow (8.1.1-1) unstable; urgency=high . * New upstream version. - Use more specific regex chars to prevent ReDoS. CVE-2021-25292. - Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291. - Fix negative size read in TiffDecode.c. CVE-2021-25290. - Fix OOB read in SgiRleDecode.c. CVE-2021-25293. - Incorrect error code checking in TiffDecode.c. CVE-2021-25289. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -22,13 +22,13 @@ CVE-2021-27925 CVE-2021-27924 RESERVED CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow <unfixed> + - pillow 8.1.1-1 [buster] - pillow <ignored> (Minor issue) CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow <unfixed> + - pillow 8.1.1-1 [buster] - pillow <ignored> (Minor issue) CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow <unfixed> + - pillow 8.1.1-1 [buster] - pillow <ignored> (Minor issue) CVE-2021-27920 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits