mirror of
https://github.com/python-pillow/Pillow.git
synced 2025-03-03 11:35:52 +03:00
Merge pull request #5301 from hugovk/update-release-notes
Update release notes: formatting, links, spelling
This commit is contained in:
Andrew Murray
GitHub
commit
0de08851e4
|
|
@ -312,3 +312,7 @@ def setup(app):
|
|||
app.add_js_file("js/script.js")
|
||||
app.add_css_file("css/dark.css")
|
||||
app.add_css_file("css/light.css")
|
||||
|
||||
|
||||
# GitHub repo for sphinx-issues
|
||||
issues_github_path = "python-pillow/Pillow"
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ Security
|
|||
|
||||
This release includes security fixes.
|
||||
|
||||
* :cve:`CVE-2020-10177` Fix multiple OOB reads in FLI decoding
|
||||
* :cve:`CVE-2020-10177` Fix multiple out-of-bounds reads in FLI decoding
|
||||
* :cve:`CVE-2020-10378` Fix bounds overflow in PCX decoding
|
||||
* :cve:`CVE-2020-10379` Fix two buffer overflows in TIFF decoding
|
||||
* :cve:`CVE-2020-10994` Fix bounds overflow in JPEG 2000 decoding
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ vulnerability introduced in FreeType 2.6 (:cve:`CVE-2020-15999`).
|
|||
Makefile
|
||||
^^^^^^^^
|
||||
|
||||
The 'install-venv' target has been deprecated.
|
||||
The ``install-venv`` target has been deprecated.
|
||||
|
||||
API Additions
|
||||
=============
|
||||
|
|
@ -46,17 +46,18 @@ The PCX image decoder used the reported image stride to calculate the row buffer
|
|||
rather than calculating it from the image size. This issue dates back to the PIL fork.
|
||||
Thanks to Google's `OSS-Fuzz`_ project for finding this.
|
||||
|
||||
* :cve:`CVE-2020-35654` Fix TIFF OOB Write error
|
||||
* :cve:`CVE-2020-35654` Fix TIFF out-of-bounds write error
|
||||
|
||||
OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versions
|
||||
(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's
|
||||
interpretation of the file is different when reading in RGBA mode, leading to an Out of
|
||||
bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
|
||||
8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_.
|
||||
Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr files in some
|
||||
LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases
|
||||
LibTIFF's interpretation of the file is different when reading in RGBA mode, leading to
|
||||
an out-of-bounds write in ``TiffDecode.c``. This potentially affects Pillow versions
|
||||
from 6.0.0 to 8.0.1, depending on the version of LibTIFF. This was reported through
|
||||
`Tidelift`_.
|
||||
|
||||
* :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun
|
||||
|
||||
4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
|
||||
4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly checking the
|
||||
offsets and length tables. Independently reported through `Tidelift`_ and Google's
|
||||
`OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.
|
||||
|
||||
|
|
@ -78,7 +79,7 @@ Other Changes
|
|||
Makefile
|
||||
^^^^^^^^
|
||||
|
||||
The 'co' target has been removed.
|
||||
The ``co`` target has been removed.
|
||||
|
||||
PyPy wheels
|
||||
^^^^^^^^^^^
|
||||
|
|
|
|||
|
|
@ -5,29 +5,31 @@
|
|||
Security
|
||||
========
|
||||
|
||||
CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent
|
||||
due to incorrect error checking in TiffDecode.c.
|
||||
:cve:`CVE-2021-25289`: The previous fix for :cve:`CVE-2020-35654` was insufficient
|
||||
due to incorrect error checking in ``TiffDecode.c``.
|
||||
|
||||
CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy
|
||||
with an invalid size
|
||||
:cve:`CVE-2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy``
|
||||
with an invalid size.
|
||||
|
||||
CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to
|
||||
an OOB Read in TiffReadRGBATile
|
||||
:cve:`CVE-2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to
|
||||
an out-of-bounds read in ``TIFFReadRGBATile``.
|
||||
|
||||
CVE-2021-25292: The PDF parser has a catastrophic backtracking regex
|
||||
:cve:`CVE-2021-25292`: The PDF parser has a catastrophic backtracking regex
|
||||
that could be used as a DOS attack.
|
||||
|
||||
CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c,
|
||||
since pillow 4.3.0.
|
||||
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
|
||||
since Pillow 4.3.0.
|
||||
|
||||
There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP
|
||||
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
|
||||
container formats where Pillow did not properly check the reported
|
||||
size of the contained image. These images could cause arbitrariliy
|
||||
size of the contained image. These images could cause arbitrarily
|
||||
large memory allocations. This was reported by Jiayi Lin, Luke
|
||||
Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu.
|
||||
Shaffer, Xinran Xie, and Akshay Ajayan of
|
||||
`Arizona State University <https://www.asu.edu/>`_.
|
||||
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
||||
A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed (https://github.com/python-pillow/Pillow/issues/5193)
|
||||
A crash with the feature flags for libjpeg and WebP on unreleased Python 3.10 has been
|
||||
fixed (:issue:`5193`).
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user