pepelyaevip/vuln-list-update
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
87765ef560
vuln-list-update/suse/cvrf/testdata/cvrf-opensuse-su-2015-0798-1.xml
rahul2393 a62fe1fcc1
Refactored based on operating system (#81)
2021-04-23 11:21:27 +03:00

198 lines
10 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">Security update for python-Pillow</DocumentTitle>
<DocumentType>SUSE Patch</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>security@suse.de</ContactDetails>
<IssuingAuthority>SUSE Security Team</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openSUSE-SU-2015:0798-1</ID>
</Identification>
<Status>Final</Status>
<Version>1</Version>
<RevisionHistory>
<Revision>
<Number>1</Number>
<Date>2015-04-22T11:03:36Z</Date>
<Description>current</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2015-04-22T11:03:36Z</InitialReleaseDate>
<CurrentReleaseDate>2015-04-22T11:03:36Z</CurrentReleaseDate>
<Generator>
<Engine>cve-database/bin/generate-cvrf.pl</Engine>
<Date>2017-02-24T01:00:00Z</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for python-Pillow</Note>
<Note Title="Details" Type="General" Ordinal="2" xml:lang="en">python-pillow was updated to 2.7.0 to fix security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2014-9601: Remote attackers could cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
* CVE-2014-3598: Remote attackers could cause a denial of service using specially crafted image files via Jpeg2KImagePlugin
* CVE-2014-3589: Remote attackers could cause a denial of service using specially crafted image files via IcnsImagePlugin
</Note>
<Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).</Note>
</DocumentNotes>
<DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0)</DocumentDistribution>
<DocumentReferences>
<Reference Type="Self">
<URL>http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html</URL>
<Description>E-Mail link for openSUSE-SU-2015:0798-1</Description>
</Reference>
<Reference Type="Self">
<URL>https://www.suse.com/support/security/rating/</URL>
<Description>SUSE Security Ratings</Description>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Family" Name="openSUSE 13.2">
<Branch Type="Product Name" Name="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2">openSUSE 13.2</FullProductName>
</Branch>
</Branch>
<Branch Type="Product Version" Name="python-Pillow-2.8.1-3.3.1">
<FullProductName ProductID="python-Pillow-2.8.1-3.3.1">python-Pillow-2.8.1-3.3.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="python-Pillow-debuginfo-2.8.1-3.3.1">
<FullProductName ProductID="python-Pillow-debuginfo-2.8.1-3.3.1">python-Pillow-debuginfo-2.8.1-3.3.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="python-Pillow-debugsource-2.8.1-3.3.1">
<FullProductName ProductID="python-Pillow-debugsource-2.8.1-3.3.1">python-Pillow-debugsource-2.8.1-3.3.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="python-Pillow-tk-2.8.1-3.3.1">
<FullProductName ProductID="python-Pillow-tk-2.8.1-3.3.1">python-Pillow-tk-2.8.1-3.3.1</FullProductName>
</Branch>
<Branch Type="Product Version" Name="python-Pillow-tk-debuginfo-2.8.1-3.3.1">
<FullProductName ProductID="python-Pillow-tk-debuginfo-2.8.1-3.3.1">python-Pillow-tk-debuginfo-2.8.1-3.3.1</FullProductName>
</Branch>
<Relationship ProductReference="python-Pillow-2.8.1-3.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:python-Pillow-2.8.1-3.3.1">python-Pillow-2.8.1-3.3.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="python-Pillow-debuginfo-2.8.1-3.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:python-Pillow-debuginfo-2.8.1-3.3.1">python-Pillow-debuginfo-2.8.1-3.3.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="python-Pillow-debugsource-2.8.1-3.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:python-Pillow-debugsource-2.8.1-3.3.1">python-Pillow-debugsource-2.8.1-3.3.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="python-Pillow-tk-2.8.1-3.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:python-Pillow-tk-2.8.1-3.3.1">python-Pillow-tk-2.8.1-3.3.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
<Relationship ProductReference="python-Pillow-tk-debuginfo-2.8.1-3.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE 13.2">
<FullProductName ProductID="openSUSE 13.2:python-Pillow-tk-debuginfo-2.8.1-3.3.1">python-Pillow-tk-debuginfo-2.8.1-3.3.1 as a component of openSUSE 13.2</FullProductName>
</Relationship>
</ProductTree>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.</Note>
</Notes>
<CVE>CVE-2014-3589</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:python-Pillow-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-debuginfo-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-debugsource-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-tk-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-tk-debuginfo-2.8.1-3.3.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>moderate</Description>
</Threat>
</Threats>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2014-3589.html</URL>
<Description>CVE-2014-3589</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/921566</URL>
<Description>SUSE Bug 921566</Description>
</Reference>
</References>
</Vulnerability>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.</Note>
</Notes>
<CVE>CVE-2014-3598</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:python-Pillow-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-debuginfo-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-debugsource-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-tk-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-tk-debuginfo-2.8.1-3.3.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>moderate</Description>
</Threat>
</Threats>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2014-3598.html</URL>
<Description>CVE-2014-3598</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/921566</URL>
<Description>SUSE Bug 921566</Description>
</Reference>
</References>
</Vulnerability>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.</Note>
</Notes>
<CVE>CVE-2014-9601</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE 13.2:python-Pillow-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-debuginfo-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-debugsource-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-tk-2.8.1-3.3.1</ProductID>
<ProductID>openSUSE 13.2:python-Pillow-tk-debuginfo-2.8.1-3.3.1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>moderate</Description>
</Threat>
</Threats>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2014-9601.html</URL>
<Description>CVE-2014-9601</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/921566</URL>
<Description>SUSE Bug 921566</Description>
</Reference>
</References>
</Vulnerability>
</cvrfdoc>
View Git Blame Copy Permalink