Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk: High] Integer Overflow (Due: 2/22/2020) #3482

Closed
Tracked by #137
hcaofec opened this issue Jan 22, 2020 · 1 comment
Closed
Tracked by #137

[Snyk: High] Integer Overflow (Due: 2/22/2020) #3482

hcaofec opened this issue Jan 22, 2020 · 1 comment
Assignees
@pkfec
Labels
Security: high Remediate within 30 days
Milestone
Sprint 11.5

Comments

@hcaofec
Copy link
Contributor

hcaofec commented Jan 22, 2020

Vulnerable module: Pillow
Introduced through: wagtail@2.2.1
Exploit maturity: No known exploit
Fixed in: 6.2.2
Detailed paths and remediation
Introduced through: project@0.0.0 › wagtail@2.2.1 › Pillow@5.4.1
Remediation: Pin Pillow to version 6.2.2
Overview
pillow is a PIL fork.

Affected versions of this package are vulnerable to Integer Overflow in libImaging/TiffDecode.c when decoding TIFF files.
@hcaofec hcaofec mentioned this issue Jan 22, 2020
Closed
1 task
@fecjjeng fecjjeng mentioned this issue Jan 29, 2020
Closed
2 tasks
This was referenced Feb 5, 2020
Closed
Closed
@pkfec pkfec mentioned this issue Feb 12, 2020
Closed
2 tasks
@dorothyyeager dorothyyeager added this to the Sprint 11.5 milestone Feb 13, 2020
@patphongs patphongs mentioned this issue Feb 18, 2020
Closed
1 task
@pkfec pkfec mentioned this issue Feb 20, 2020
Merged
@fecjjeng fecjjeng mentioned this issue Feb 26, 2020
Closed
2 tasks
@PaulClark2 PaulClark2 added the Security: high Remediate within 30 days label Feb 27, 2020
@pkfec pkfec mentioned this issue Feb 27, 2020
Closed
@pkfec
Copy link
Contributor

pkfec commented Feb 29, 2020

Pillow pkg is also updated to v6.2.2. Wagtail is updated to LTS v2.7 in PR #3563.
PR #3563 is merged. Closing this issue.

@pkfec pkfec closed this as completed Feb 29, 2020
@patphongs patphongs mentioned this issue Feb 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pkfec pkfec

Labels
Security: high Remediate within 30 days
Projects
None yet
Milestone
Sprint 11.5
Development

No branches or pull requests
4 participants
@pkfec @PaulClark2 @hcaofec @dorothyyeager