8.0.1
-----

Security
========

Fix CVE-2020-15999
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2020-15999`

Update FreeType in wheels to `2.10.4`_
++++++++++++++++++++++++++++++++++++++

* A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
  introduced in FreeType version 2.6.
* If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.

We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts.

In Pillow 7.2.0 and earlier, bitmap fonts were disabled with ``FT_LOAD_NO_BITMAP``, but it is not
clear if this prevents the exploit, and we recommend updating to Pillow 8.0.1.

Pillow 8.0.0 and earlier are potentially vulnerable releases, including the last release
to support Python 2.7, namely Pillow 6.2.2.
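The following audit helper is an added example and is not part of the Pillow release notes or the Pillow project. It encodes the version thresholds stated above (FreeType 2.10.4 fixed, Pillow 8.0.1 wheels bundle it, Pillow 7.2.0 and earlier used ``FT_LOAD_NO_BITMAP``) so that an installed Pillow/FreeType pair can be classified. ``PIL.features.version("freetype2")`` and ``PIL.__version__`` are real Pillow APIs; ``parse_version``, ``assess`` and ``local_status`` are names constructed for this example, and treating a build without FreeType as having no exposed bitmap path is an assumption made here, not a statement from the advisory.

```python
# Added audit helper (not part of the Pillow release notes): classifies a
# Pillow/FreeType version pair against the thresholds stated in the advisory.
from typing import Dict, Optional, Tuple

FIXED_FREETYPE = (2, 10, 4)          # FreeType release carrying the fix (from the advisory)
FIXED_PILLOW = (8, 0, 1)             # Pillow release whose wheels bundle it (from the advisory)
LAST_NO_BITMAP_PILLOW = (7, 2, 0)    # <= this, bitmap fonts were loaded with FT_LOAD_NO_BITMAP


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.10.4' -> (2, 10, 4). Stops at the first non-numeric piece, so
    '8.0.1.dev0' -> (8, 0, 1) and '2.10.4-1' -> (2, 10, 4)."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
        if digits != piece:          # suffix such as '4-1': stop after the number
            break
    return tuple(parts)


def assess(pillow_version: str, freetype_version: Optional[str]) -> Dict[str, bool]:
    """Classify a Pillow/FreeType pair using only the statements in the advisory.

    freetype_version is None when Pillow was built without FreeType; this
    example then assumes there is no embedded-PNG bitmap path to reach."""
    pv = parse_version(pillow_version)
    fv = parse_version(freetype_version) if freetype_version else None
    return {
        # the overflow lives in FreeType < 2.10.4 (when FT_CONFIG_OPTION_USE_PNG is on)
        "freetype_vulnerable": fv is not None and fv < FIXED_FREETYPE,
        # Pillow 8.0.0 and earlier are the releases the advisory calls potentially vulnerable
        "pillow_upgrade_recommended": pv < FIXED_PILLOW,
        # 7.2.0 and earlier disabled bitmap fonts; the advisory does not treat that as a fix
        "bitmap_fonts_disabled": pv <= LAST_NO_BITMAP_PILLOW,
    }


def local_status() -> Optional[Dict[str, bool]]:
    """Inspect the interpreter's own Pillow; None if Pillow is absent or too old
    to report its FreeType version (PIL.features.version needs Pillow >= 8.0.0)."""
    try:
        import PIL
        from PIL import features
        return assess(PIL.__version__, features.version("freetype2"))
    except (ImportError, AttributeError):
        return None


if __name__ == "__main__":
    print("local install:", local_status())
    # constructed sample pairs: a wheel-era 8.0.0, the last Python 2.7 release, and the fixed pair
    for pillow, freetype in [("8.0.0", "2.10.2"), ("6.2.2", "2.10.1"), ("8.0.1", "2.10.4")]:
        print(pillow, freetype, assess(pillow, freetype))
```

``assess`` reports the FreeType check separately from the Pillow recommendation because a source build may link a system FreeType that is already at 2.10.4 while Pillow itself is still 8.0.0; the advisory's upgrade advice applies to both cases, but only the first flag identifies the overflow itself.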

.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/