Initial change of release notes

Frederick Price 2023-03-31 14:58:40 -04:00
parent ae2cecb6f0
commit 3a855cb647
2 changed files with 20 additions and 0 deletions

@ -2,6 +2,13 @@
Changelog (Pillow) Changelog (Pillow)
================== ==================
6.2.2.5 (date TBD)
------------------
- Fix CVE-2020-35654
[rickprice]
6.2.2.4 (2023-03-29) 6.2.2.4 (2023-03-29)
------------------ ------------------
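Review bot: the new 6.2.2.5 heading carries a "(date TBD)" placeholder, which needs a real date before this is tagged, in the same form as "6.2.2.4 (2023-03-29)" below it. The entry "- Fix CVE-2020-35654" also gives no hint of what was affected; a few words naming the TiffDecode heap overflow, as the release notes file in this commit does, would let a reader triage it from the changelog alone.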
@ -14,8 +21,10 @@ since Pillow 4.3.0.
- Fix CVE-2021-27921 - Fix CVE-2021-27921
[rickprice] [rickprice]
- Fix CVE-2021-27922 - Fix CVE-2021-27922
[rickprice] [rickprice]
- Fix CVE-2021-27923 - Fix CVE-2021-27923
[rickprice] [rickprice]

@ -0,0 +1,11 @@
6.2.2.4
-------
Security
========
This release addresses several critical CVEs.
:cve:`CVE-2020-35654`: In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
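Review bot: the heading of this new file reads "6.2.2.4", but the changelog hunk in this same commit lists the CVE-2020-35654 fix under 6.2.2.5, so the heading and its underline should name 6.2.2.5. The intro also says "several critical CVEs" while only CVE-2020-35654 is listed; either reword it to match the single entry or add the others.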