Merge pull request #5301 from hugovk/update-release-notes

Update release notes: formatting, links, spelling
Andrew Murray 2021-03-03 20:29:14 +11:00 committed by GitHub
commit 0de08851e4
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 23 deletions


@ -312,3 +312,7 @@ def setup(app):
app.add_js_file("js/script.js")
app.add_css_file("css/dark.css")
app.add_css_file("css/light.css")
# GitHub repo for sphinx-issues
issues_github_path = "python-pillow/Pillow"
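Review bot: `issues_github_path` is set here, but nothing in this hunk adds `sphinx_issues` to the `extensions` list or to the docs requirements, and the other three changed files are release notes; the `:cve:` and `:issue:` roles those notes now use will fail the Sphinx build with an unknown-role error unless the extension is already enabled elsewhere in `conf.py`. Confirm that before merge, and if it is not, add `"sphinx_issues"` to `extensions` in the same change.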


@ -74,7 +74,7 @@ Security
This release includes security fixes.
* :cve:`CVE-2020-10177` Fix multiple OOB reads in FLI decoding
* :cve:`CVE-2020-10177` Fix multiple out-of-bounds reads in FLI decoding
* :cve:`CVE-2020-10378` Fix bounds overflow in PCX decoding
* :cve:`CVE-2020-10379` Fix two buffer overflows in TIFF decoding
* :cve:`CVE-2020-10994` Fix bounds overflow in JPEG 2000 decoding
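Review bot: the entries for CVE-2020-10378 and CVE-2020-10994 still say `Fix bounds overflow`, which does not tell the reader whether the bug was an out-of-bounds read or write, while the edited line above now reads `out-of-bounds reads`; since this commit normalizes that wording, consider stating read versus write for those two entries as well where the original fix makes it clear.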


@ -18,7 +18,7 @@ vulnerability introduced in FreeType 2.6 (:cve:`CVE-2020-15999`).
Makefile
^^^^^^^^
The 'install-venv' target has been deprecated.
The ``install-venv`` target has been deprecated.
API Additions
=============
@ -46,17 +46,18 @@ The PCX image decoder used the reported image stride to calculate the row buffer
rather than calculating it from the image size. This issue dates back to the PIL fork.
Thanks to Google's `OSS-Fuzz`_ project for finding this.
* :cve:`CVE-2020-35654` Fix TIFF OOB Write error
* :cve:`CVE-2020-35654` Fix TIFF out-of-bounds write error
OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versions
(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's
interpretation of the file is different when reading in RGBA mode, leading to an Out of
bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_.
Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr files in some
LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases
LibTIFF's interpretation of the file is different when reading in RGBA mode, leading to
an out-of-bounds write in ``TiffDecode.c``. This potentially affects Pillow versions
from 6.0.0 to 8.0.1, depending on the version of LibTIFF. This was reported through
`Tidelift`_.
* :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun
4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly checking the
offsets and length tables. Independently reported through `Tidelift`_ and Google's
`OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.
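Review bot: the CVE-2020-35655 paragraph keeps `4 byte read overflow` and the range `4.3.0->8.0.1`, while the CVE-2020-35654 paragraph directly above it says `from 6.0.0 to 8.0.1`; in the same spelling pass, hyphenate `4-byte` and write `from 4.3.0 to 8.0.1` so the two advisories read alike. The filename correction to ``SgiRleDecode.c`` is the substantive fix in this hunk and matches the spelling used in the 8.1.1 notes below.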
@ -78,7 +79,7 @@ Other Changes
Makefile
^^^^^^^^
The 'co' target has been removed.
The ``co`` target has been removed.
PyPy wheels
^^^^^^^^^^^


@ -5,29 +5,31 @@
Security
========
CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent
due to incorrect error checking in TiffDecode.c.
:cve:`CVE-2021-25289`: The previous fix for :cve:`CVE-2020-35654` was insufficient
due to incorrect error checking in ``TiffDecode.c``.
CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy
with an invalid size
:cve:`CVE-2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy``
with an invalid size.
CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to
an OOB Read in TiffReadRGBATile
:cve:`CVE-2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to
an out-of-bounds read in ``TIFFReadRGBATile``.
CVE-2021-25292: The PDF parser has a catastrophic backtracking regex
:cve:`CVE-2021-25292`: The PDF parser has a catastrophic backtracking regex
that could be used as a DOS attack.
CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c,
since pillow 4.3.0.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
container formats where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrariliy
size of the contained image. These images could cause arbitrarily
large memory allocations. This was reported by Jiayi Lin, Luke
Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu.
Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.
Other Changes
=============
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed (https://github.com/python-pillow/Pillow/issues/5193)
A crash with the feature flags for libjpeg and WebP on unreleased Python 3.10 has been
fixed (:issue:`5193`).
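Review bot: `DOS attack` (CVE-2021-25292 entry) and `exhaustion of memory DOS` still use the `DOS` spelling; since this is a spelling and formatting pass, change both to `DoS` and spell out `denial of service` on first use so it is not read as the operating system. The memory-exhaustion item is also the only security entry in this file without a CVE identifier; if none was assigned, saying so explicitly would stop readers assuming the reference was dropped.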