pyupio · jayfk · Nov 7, 2016 · Nov 4, 2016 · Nov 4, 2016
diff --git a/data/insecure.json b/data/insecure.json
@@ -834,6 +834,7 @@
         "<2.5.6c1",
         "<2.6.8",
         "<2.7.12",
+        "<X.Y",
         ">=2.6,<2.6.7",
         ">=2.6,<3.3",
         ">=2.7,<2.7.2",
@@ -1060,4 +1061,4 @@
     "zopeskel": [
         "<2.11"
     ]
-}
+}
diff --git a/data/insecure_full.json b/data/insecure_full.json
@@ -4266,6 +4266,16 @@
             ],
             "v": "<2.7.12"
         },
+        {
+            "cve": "CVE-2016-9189",
+            "description": "Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the \"crafted image file\" approach, related to an \"Integer Overflow\" issue affecting the Image.core.map_buffer in map.c component.",
+            "urls": [
+                "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html",
+                "https://github.com/python-pillow/Pillow/issues/2105",
+                "https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f"
+            ],
+            "v": "<X.Y"
+        },
         {
             "cve": "CVE-2011-4940",
             "description": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.",
@@ -5472,4 +5482,4 @@
             "v": "<2.11"
         }
     ]
-}
+}