AVG-1439 - log back

AVG-1439 edited at 30 Mar 2021 15:00:24
Status
- Vulnerable
+ Unknown
AVG-1439 edited at 03 Mar 2021 11:18:14
Issues
CVE-2020-35653
CVE-2020-35654
CVE-2020-35655
+ CVE-2021-25289
+ CVE-2021-25290
+ CVE-2021-25291
+ CVE-2021-25292
+ CVE-2021-25293
+ CVE-2021-27921
+ CVE-2021-27922
+ CVE-2021-27923
AVG-1439 created at 12 Jan 2021 10:01:10
Packages
+ python2-pillow
Issues
+ CVE-2020-35653
+ CVE-2020-35654
+ CVE-2020-35655
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 6.2.1-3
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
Notes
+ python-pillow 7.0.0 dropped support for the end of life Python 2.7, so these issues are unlikely to be fixed in this legacy version of python-pillow, which is retained only for compatibility reasons.