From 3f2b7d71402ff70cb873cadfe7379350da64b72c Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Sun, 28 Feb 2021 18:13:16 +0100
Subject: [PATCH] Release notes for 8.1.1

---
 docs/releasenotes/8.1.1.rst | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 docs/releasenotes/8.1.1.rst

diff --git a/docs/releasenotes/8.1.1.rst b/docs/releasenotes/8.1.1.rst
new file mode 100644
index 000000000..7ee2b67a8
--- /dev/null
+++ b/docs/releasenotes/8.1.1.rst
@@ -0,0 +1,32 @@
+8.1.1
+-----
+
+
+Security
+========
+
+CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent
+due to incorrect error checking in TiffDecode.c.
+
+CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy
+with an invalid size
+
+CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to
+an OOB Read in TiffReadRGBATile
+
+CVE-2021-25292: The PDF parser has a catastrophic backtracking regex
+that could be used as a DOS attack.
+
+CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c,
+since pillow 4.3.0.
+
+There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP
+container formats where Pillow did not properly check the reported
+size of the contained image. These images could cause arbitrariliy
+large memory allocations.
+
+
+Other Changes
+=============
+
+A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed (https://github.com/python-pillow/Pillow/issues/5193)