[Git][security-tracker-team/security-tracker][master] Track fixed version for three CVEs for pillow via unstable

Thu, 04 Mar 2021 00:01:05 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7fd76e3f by Salvatore Bonaccorso at 2021-03-04T08:59:28+01:00
Track fixed version for three CVEs for pillow via unstable

The changelog for pillow's upload to unstable lists completely different
set of CVEs, question if they are typos or additional CVEs to be
tracked, investigation pending.

The are specifically:

 pillow (8.1.1-1) unstable; urgency=high
 .
   * New upstream version.
     - Use more specific regex chars to prevent ReDoS. CVE-2021-25292.
     - Fix OOB Read in TiffDecode.c, and check the tile validity before reading.
       CVE-2021-25291.
     - Fix negative size read in TiffDecode.c. CVE-2021-25290.
     - Fix OOB read in SgiRleDecode.c. CVE-2021-25293.
     - Incorrect error code checking in TiffDecode.c. CVE-2021-25289.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,13 +22,13 @@ CVE-2021-27925
 CVE-2021-27924
        RESERVED
 CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of 
service (mem ...)
-       - pillow <unfixed>
+       - pillow 8.1.1-1
        [buster] - pillow <ignored> (Minor issue)
 CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of 
service (mem ...)
-       - pillow <unfixed>
+       - pillow 8.1.1-1
        [buster] - pillow <ignored> (Minor issue)
 CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of 
service (mem ...)
-       - pillow <unfixed>
+       - pillow 8.1.1-1
        [buster] - pillow <ignored> (Minor issue)
 CVE-2021-27920
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd76e3fa8a5c15c735318551dc31f874b6f8043
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to