author | Salvatore Bonaccorso <carnil@debian.org> | 2021-03-04 08:59:28 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-03-04 08:59:28 +0100 |
commit | e9c1dfac5fdc9f3bc8a407a114383a380bc86670 (patch) | |
tree | 2605da3c8572a4f4f8817fc7e2614845c6241071 | |
parent | d00c0f6b6a098cf8c608cc30baabc3ea593e6f66 (diff) |
Track fixed version for three CVEs for pillow via unstable
The changelog for pillow's upload to unstable lists a completely different
set of CVEs, question if they are typos or additional CVEs to be
tracked, investigation pending.
They are specifically:
pillow (8.1.1-1) unstable; urgency=high
.
* New upstream version.
- Use more specific regex chars to prevent ReDoS. CVE-2021-25292.
- Fix OOB Read in TiffDecode.c, and check the tile validity before reading.
CVE-2021-25291.
- Fix negative size read in TiffDecode.c. CVE-2021-25290.
- Fix OOB read in SgiRleDecode.c. CVE-2021-25293.
- Incorrect error code checking in TiffDecode.c. CVE-2021-25289.
-rw-r--r-- | data/CVE/2021.list | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 0d192cef53..ba1e64d8e7 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -22,13 +22,13 @@ CVE-2021-27925 CVE-2021-27924 RESERVED CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow <unfixed> + - pillow 8.1.1-1 [buster] - pillow <ignored> (Minor issue) CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow <unfixed> + - pillow 8.1.1-1 [buster] - pillow <ignored> (Minor issue) CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - - pillow <unfixed> + - pillow 8.1.1-1 [buster] - pillow <ignored> (Minor issue) CVE-2021-27920 RESERVED |
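Review bot: The three changed lines for CVE-2021-27923, CVE-2021-27922 and CVE-2021-27921 record `- pillow 8.1.1-1` as the fixed version, but nothing in the entries themselves says that the 8.1.1-1 changelog names a different set of CVEs (CVE-2021-25289 through CVE-2021-25293) and that the mapping is still being investigated. That caveat lives only in the commit message, so anyone reading data/CVE/2021.list will take the fix as confirmed. Consider adding a NOTE or TODO line under each of the three entries stating that the fixed version comes from the upstream "before 8.1.1" description rather than from the Debian changelog, and remove it once the investigation settles whether the changelog IDs are typos or additional CVEs. The unchanged `[buster] - pillow <ignored> (Minor issue)` lines look consistent with the new unstable entries and need no change.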