Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 76599329 by Salvatore Bonaccorso at 2021-03-09T09:20:20+01:00 Update tracking information for CVE-2021-2792{1,2,3}/pillow Those got fixed only in 8.1.2 upstream and so are unrelated to the 8.1.1 upload (MITRE CNA refrences the 8.1.1 release notes, but this might be wrong, but is consistent with the description). No commit references are given (yet), so those need to be researched. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -382,14 +382,17 @@ CVE-2021-27925 CVE-2021-27924 RESERVED CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow 8.1.1-1 + - pillow 8.1.2-1 [buster] - pillow <ignored> (Minor issue) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow 8.1.1-1 + - pillow 8.1.2-1 [buster] - pillow <ignored> (Minor issue) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow 8.1.1-1 + - pillow 8.1.2-1 [buster] - pillow <ignored> (Minor issue) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html CVE-2021-27920 RESERVED CVE-2021-27919 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7659932970aad622cbc8c708f3d903a506e84de2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7659932970aad622cbc8c708f3d903a506e84de2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits