diff --git a/docs/conf.py b/docs/conf.py index 4fb9d1f8f..123e93c9b 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -312,3 +312,7 @@ def setup(app): app.add_js_file("js/script.js") app.add_css_file("css/dark.css") app.add_css_file("css/light.css") + + +# GitHub repo for sphinx-issues +issues_github_path = "python-pillow/Pillow" diff --git a/docs/releasenotes/7.1.0.rst b/docs/releasenotes/7.1.0.rst index fd3627e3c..0024a537d 100644 --- a/docs/releasenotes/7.1.0.rst +++ b/docs/releasenotes/7.1.0.rst @@ -74,7 +74,7 @@ Security This release includes security fixes. -* :cve:`CVE-2020-10177` Fix multiple OOB reads in FLI decoding +* :cve:`CVE-2020-10177` Fix multiple out-of-bounds reads in FLI decoding * :cve:`CVE-2020-10378` Fix bounds overflow in PCX decoding * :cve:`CVE-2020-10379` Fix two buffer overflows in TIFF decoding * :cve:`CVE-2020-10994` Fix bounds overflow in JPEG 2000 decoding diff --git a/docs/releasenotes/8.1.0.rst b/docs/releasenotes/8.1.0.rst index 5c4ee3773..8ed1d9d85 100644 --- a/docs/releasenotes/8.1.0.rst +++ b/docs/releasenotes/8.1.0.rst @@ -18,7 +18,7 @@ vulnerability introduced in FreeType 2.6 (:cve:`CVE-2020-15999`). Makefile ^^^^^^^^ -The 'install-venv' target has been deprecated. +The ``install-venv`` target has been deprecated. API Additions ============= @@ -46,17 +46,18 @@ The PCX image decoder used the reported image stride to calculate the row buffer rather than calculating it from the image size. This issue dates back to the PIL fork. Thanks to Google's `OSS-Fuzz`_ project for finding this. -* :cve:`CVE-2020-35654` Fix TIFF OOB Write error +* :cve:`CVE-2020-35654` Fix TIFF out-of-bounds write error -OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versions -(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's -interpretation of the file is different when reading in RGBA mode, leading to an Out of -bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to -8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_. +Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr files in some +LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases +LibTIFF's interpretation of the file is different when reading in RGBA mode, leading to +an out-of-bounds write in ``TiffDecode.c``. This potentially affects Pillow versions +from 6.0.0 to 8.0.1, depending on the version of LibTIFF. This was reported through +`Tidelift`_. * :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun -4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the +4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's `OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1. @@ -78,7 +79,7 @@ Other Changes Makefile ^^^^^^^^ -The 'co' target has been removed. +The ``co`` target has been removed. PyPy wheels ^^^^^^^^^^^ diff --git a/docs/releasenotes/8.1.1.rst b/docs/releasenotes/8.1.1.rst index 6483a4f4b..51a81c7a6 100644 --- a/docs/releasenotes/8.1.1.rst +++ b/docs/releasenotes/8.1.1.rst @@ -5,29 +5,31 @@ Security ======== -CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent -due to incorrect error checking in TiffDecode.c. +:cve:`CVE-2021-25289`: The previous fix for :cve:`CVE-2020-35654` was insufficient +due to incorrect error checking in ``TiffDecode.c``. -CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy -with an invalid size +:cve:`CVE-2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy`` +with an invalid size. -CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to -an OOB Read in TiffReadRGBATile +:cve:`CVE-2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to +an out-of-bounds read in ``TIFFReadRGBATile``. -CVE-2021-25292: The PDF parser has a catastrophic backtracking regex +:cve:`CVE-2021-25292`: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. -CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c, -since pillow 4.3.0. +:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``, +since Pillow 4.3.0. -There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP +There is an exhaustion of memory DOS in the ICNS, ICO, and BLP container formats where Pillow did not properly check the reported -size of the contained image. These images could cause arbitrariliy +size of the contained image. These images could cause arbitrarily large memory allocations. This was reported by Jiayi Lin, Luke -Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu. +Shaffer, Xinran Xie, and Akshay Ajayan of +`Arizona State University `_. Other Changes ============= -A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed (https://github.com/python-pillow/Pillow/issues/5193) +A crash with the feature flags for libjpeg and WebP on unreleased Python 3.10 has been +fixed (:issue:`5193`).