Add information on introducing commits for CVE-2020-5310/pillow

We should check if the overflow is only possible after both of those upstream commits.
author: Salvatore Bonaccorso <carnil@debian.org> 2020-02-14 00:19:06 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-02-14 00:19:06 +0100
commit: baddb85047c61dc1f097e7e2536e3b500a05b561 (patch)
tree: b62a99892915bdafa4db42645472f6d7a2d9b3d1 /data
parent: 2cbfccce21b1e57e6a62783382ba531f4cfce35d (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 66eaefcbb4..84b74593e8 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8074,7 +8074,9 @@ CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffe
 CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...)
 	- pillow 7.0.0-1 (bug #948224)
 	[jessie] - pillow <not-affected> (The vulnerable code was introduced later)
-	NOTE: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2)
+	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0)
+	NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
+	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2)
 CVE-2020-5309
 	RESERVED
 CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-02-14 00:19:06 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-02-14 00:19:06 +0100
commit	baddb85047c61dc1f097e7e2536e3b500a05b561 (patch)
tree	b62a99892915bdafa4db42645472f6d7a2d9b3d1 /data
parent	2cbfccce21b1e57e6a62783382ba531f4cfce35d (diff)