Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: bd3a576c by Moritz Muehlenhoff at 2021-06-13T19:36:24+02:00 drop no-dsa tags for bullseye/pillow for upcoming NMU - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -14164,7 +14164,6 @@ CVE-2021-28679 CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...) [experimental] - pillow 8.2.0-1 - pillow <unfixed> (bug #989062) - [bullseye] - pillow <no-dsa> (Minor issue) [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <no-dsa> (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos @@ -14172,7 +14171,6 @@ CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, Bl CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...) [experimental] - pillow 8.2.0-1 - pillow <unfixed> (bug #989062) - [bullseye] - pillow <no-dsa> (Minor issue) [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <no-dsa> (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open @@ -14180,7 +14178,6 @@ CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, th CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...) [experimental] - pillow 8.2.0-1 - pillow <unfixed> (bug #989062) - [bullseye] - pillow <no-dsa> (Minor issue) [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <no-dsa> (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos @@ -14188,7 +14185,6 @@ CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, Fl CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...) [experimental] - pillow 8.2.0-1 - pillow <unfixed> (bug #989062) - [bullseye] - pillow <no-dsa> (Minor issue) [buster] - pillow <no-dsa> (Minor issue) [stretch] - pillow <no-dsa> (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin @@ -22517,20 +22513,16 @@ CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299 CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...) [experimental] - pillow 8.2.0-1 - - pillow <unfixed> (bug #989062) - [bullseye] - pillow <no-dsa> (Minor issue) - [buster] - pillow <no-dsa> (Minor issue) - [stretch] - pillow <no-dsa> (Minor issue) + - pillow <unfixed> (unimportant; bug #989062) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 + NOTE: Debian packages are built without JPEG2000 support CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...) [experimental] - pillow 8.2.0-1 - - pillow <unfixed> (bug #989062) - [bullseye] - pillow <no-dsa> (Minor issue) - [buster] - pillow <no-dsa> (Minor issue) - [stretch] - pillow <no-dsa> (Minor issue) + - pillow <unfixed> (unimportant; bug #989062) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 + NOTE: Debian packages are built without JPEG2000 support CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...) {DSA-4833-1 DLA-2528-1} - gst-plugins-bad1.0 1.18.1-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd3a576c6288b76cfb6527bbfbf3dfebab1b9e01 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd3a576c6288b76cfb6527bbfbf3dfebab1b9e01 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits