Merge pull request #5301 from hugovk/update-release-notes

Update release notes: formatting, links, spelling
2025-03-03 19:45:56 +03:00 · 2021-03-03 20:29:14 +11:00 · 2021-03-03 20:29:14 +11:00 · 0de08851e4
commit 0de08851e4
parent fbb825e3bf d0cf8ffef5
4 changed files with 30 additions and 23 deletions
--- a/docs/conf.py
+++ b/docs/conf.py
@ -312,3 +312,7 @@ def setup(app):
    app.add_js_file("js/script.js")
    app.add_css_file("css/dark.css")
    app.add_css_file("css/light.css")
 # GitHub repo for sphinx-issues
 issues_github_path = "python-pillow/Pillow"
--- a/docs/releasenotes/7.1.0.rst
+++ b/docs/releasenotes/7.1.0.rst
@ -74,7 +74,7 @@ Security
 This release includes security fixes.
-* :cve:`CVE-2020-10177` Fix multiple OOB reads in FLI decoding
+* :cve:`CVE-2020-10177` Fix multiple out-of-bounds reads in FLI decoding
 * :cve:`CVE-2020-10378` Fix bounds overflow in PCX decoding
 * :cve:`CVE-2020-10379` Fix two buffer overflows in TIFF decoding
 * :cve:`CVE-2020-10994` Fix bounds overflow in JPEG 2000 decoding
--- a/docs/releasenotes/8.1.0.rst
+++ b/docs/releasenotes/8.1.0.rst
@ -18,7 +18,7 @@ vulnerability introduced in FreeType 2.6 (:cve:`CVE-2020-15999`).
 Makefile
 ^^^^^^^^
-The 'install-venv' target has been deprecated.
+The ``install-venv`` target has been deprecated.
 API Additions
 =============
@ -46,17 +46,18 @@ The PCX image decoder used the reported image stride to calculate the row buffer
 rather than calculating it from the image size. This issue dates back to the PIL fork.
 Thanks to Google's `OSS-Fuzz`_ project for finding this.
-* :cve:`CVE-2020-35654` Fix TIFF OOB Write error
+* :cve:`CVE-2020-35654` Fix TIFF out-of-bounds write error
-OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versions
+Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr files in some
-(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's
+LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases
-interpretation of the file is different when reading in RGBA mode, leading to an Out of
+LibTIFF's interpretation of the file is different when reading in RGBA mode, leading to
-bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
+an out-of-bounds write in ``TiffDecode.c``. This potentially affects Pillow versions
-8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_.
+from 6.0.0 to 8.0.1, depending on the version of LibTIFF. This was reported through
 `Tidelift`_.
 * :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun
-4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
+4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly checking the
 offsets and length tables. Independently reported through `Tidelift`_ and Google's
 `OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.
@ -78,7 +79,7 @@ Other Changes
 Makefile
 ^^^^^^^^
-The 'co' target has been removed.
+The ``co`` target has been removed.
 PyPy wheels
 ^^^^^^^^^^^
--- a/docs/releasenotes/8.1.1.rst
+++ b/docs/releasenotes/8.1.1.rst
@ -5,29 +5,31 @@
 Security
 ========
-CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent
+:cve:`CVE-2021-25289`: The previous fix for :cve:`CVE-2020-35654` was insufficient
-due to incorrect error checking in TiffDecode.c.
+due to incorrect error checking in ``TiffDecode.c``.
-CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy
+:cve:`CVE-2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy``
-with an invalid size
+with an invalid size.
-CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to
+:cve:`CVE-2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to
-an OOB Read in TiffReadRGBATile
+an out-of-bounds read in ``TIFFReadRGBATile``.
-CVE-2021-25292: The PDF parser has a catastrophic backtracking regex
+:cve:`CVE-2021-25292`: The PDF parser has a catastrophic backtracking regex
 that could be used as a DOS attack.
-CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c,
+:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
-since pillow 4.3.0.
+since Pillow 4.3.0.
-There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP
+There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
 container formats where Pillow did not properly check the reported
-size of the contained image. These images could cause arbitrariliy
+size of the contained image. These images could cause arbitrarily
 large memory allocations. This was reported by Jiayi Lin, Luke
-Shaffer, Xinran Xie, and Akshay Ajayan of ASU.edu.
+Shaffer, Xinran Xie, and Akshay Ajayan of
 `Arizona State University <https://www.asu.edu/>`_.
 Other Changes
 =============
-A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed (https://github.com/python-pillow/Pillow/issues/5193)
+A crash with the feature flags for libjpeg and WebP on unreleased Python 3.10 has been
 fixed (:issue:`5193`).