author | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-14 00:19:06 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-14 00:19:06 +0100 |
commit | baddb85047c61dc1f097e7e2536e3b500a05b561 | |
tree | b62a99892915bdafa4db42645472f6d7a2d9b3d1 /data | |
parent | 2cbfccce21b1e57e6a62783382ba531f4cfce35d | |
Add information on introducing commits for CVE-2020-5310/pillow
We should check if the overflow is only possible after both of those
upstream commits.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 66eaefcbb4..84b74593e8 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -8074,7 +8074,9 @@ CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffe CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...) - pillow 7.0.0-1 (bug #948224) [jessie] - pillow <not-affected> (The vulnerable code was introduced later) - NOTE: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2) + NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0) + NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) + NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2) CVE-2020-5309 RESERVED CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...) |
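Review bot: The new "NOTE: Introduced by:" line and the "NOTE: and" line under CVE-2020-5310 read as if both upstream commits (5.3.0 and 6.0.0) are jointly required for the overflow, but the commit message says this still needs to be checked, and nothing in the entry itself records that open question. Suggest adding a NOTE or TODO line to the entry stating that it is unverified whether commit f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0) alone is sufficient, so that triage of a release carrying a version between 5.3.0 and 6.0.0 does not silently assume the 6.0.0 commit is required. The continuation line "NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)" is also not self-describing when the file is read or grepped one line at a time; repeating "Introduced by:" on it would make each line stand on its own.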