From 2711549503be2f665888c405eabaa9e8786d5ece Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sat, 2 Jan 2021 22:07:03 +1100 Subject: [PATCH] Link to TideLift [ci skip] --- docs/releasenotes/8.1.0.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/releasenotes/8.1.0.rst b/docs/releasenotes/8.1.0.rst index 78c3e914a..e5228ac8c 100644 --- a/docs/releasenotes/8.1.0.rst +++ b/docs/releasenotes/8.1.0.rst @@ -52,13 +52,15 @@ OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versi (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's interpretation of the file is different when reading in RGBA mode, leading to an Out of bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to -8.0.1, depending on the version of LibTIFF. This was reported through Tidelift. +8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_. * :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun 4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the -offsets and length tables. Independently reported through Tidelift and Google's OSS-Fuzz. -This vulnerability covers Pillow versions 4.3.0->8.0.1. +offsets and length tables. Independently reported through `Tidelift`_ and Google's +OSS-Fuzz. This vulnerability covers Pillow versions 4.3.0->8.0.1. + +.. _Tidelift: https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pillow&utm_medium=referral&utm_campaign=docs Dependencies ^^^^^^^^^^^^
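Review bot: The `.. _Tidelift:` target added at the end of this hunk points at the subscription page and carries `utm_source`, `utm_medium` and `utm_campaign` referral parameters, but both references to it sit in security entries whose sentences say an issue was "reported through" Tidelift. A reader following the link from the CVE-2020-35655 entry lands on a subscription page rather than anything describing how the report was made. Consider linking the security mentions to the reporting contact instead, or dropping the tracking query string from a link used in a security advisory context. The target is also defined mid-file, directly above the Dependencies heading; moving it to the end of the file would keep it from reading as part of the security section.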