python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-13 05:06:49 +03:00
Code Issues Packages Projects Releases Wiki Activity
f1e86965f6
Pillow/docs/releasenotes/9.1.1.rst

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

23 lines
706 B
ReStructuredText
Raw Normal View History

Added release notes for 9.1.1
2022-05-15 09:18:24 +03:00
9.1.1
-----
Security
========
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
This release addresses several security issues.
Added release notes for 9.1.1
2022-05-15 09:18:24 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-14 20:58:05 +03:00
:cve:`2022-30595`: Heap buffer overflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Clean up for #7864
2024-03-13 21:40:00 +03:00
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template
2024-03-13 21:15:16 +03:00
When reading a TGA file with RLE packets that cross scan lines,
Added release notes for 9.1.1
2022-05-15 09:18:24 +03:00
Pillow reads the information past the end of the first line without deducting that
from the length of the remaining file data. This vulnerability was introduced in Pillow
9.1.0, and can cause a heap buffer overflow.
Added heading
2024-03-17 10:30:56 +03:00
Decompression bomb check fix
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Added release notes for 9.1.1
2022-05-15 09:18:24 +03:00
Opening an image with a zero or negative height has been found to bypass a
decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn
raising a ``PIL.UnidentifiedImageError``.
Reference in New Issue Copy Permalink