python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-12-27 02:16:19 +03:00
Code Issues Packages Projects Releases Wiki Activity
15deb71c3a
Pillow/docs/releasenotes/8.1.1.rst

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

29 lines
1.3 KiB
ReStructuredText
Raw Normal View History

Release notes for 8.1.1
2021-02-28 20:13:16 +03:00
8.1.1
-----
Security
========
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
:cve:`2021-25289`: The previous fix for :cve:`2020-35654` was insufficient
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template
2024-03-13 21:15:16 +03:00
The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
:cve:`2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Release notes for 8.1.1
2021-02-28 20:13:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
:cve:`2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template
2024-03-13 21:15:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
:cve:`2021-25292`: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Release notes for 8.1.1
2021-02-28 20:13:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
:cve:`2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Release notes for 8.1.1
2021-02-28 20:13:16 +03:00
Other Changes
=============
Updated spelling [ci skip] Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2021-03-03 14:38:24 +03:00
A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on
Corrected list of relevant dependencies [ci skip]
2021-03-03 12:34:52 +03:00
unreleased Python 3.10 has been fixed (:issue:`5193`).
Reference in New Issue Copy Permalink