Markus Koschany · Markus Koschany · Markus Koschany · 7f9a0d04 · 7f9a0d04
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -403,9 +403,11 @@ CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode bu
 	NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2)
 CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...)
 	- pillow <unfixed>
+	[jessie] - pillow <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2)
 CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...)
 	- pillow <unfixed>
+	[jessie] - pillow <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2)
 CVE-2020-5309
 	RESERVED
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -79,6 +79,8 @@ nss (Markus Koschany)
 opendmarc (Thorsten Alteholz)
  NOTE: 20191222: still testing package, original patch does not seem to be enough, still ongoing
 --
+pillow
+--
 python-reportlab (Hugo Lefeuvre)
  NOTE: 20191227: still no upstream fix
 --