python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-09-21 03:18:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4538 from hugovk/update-7.1.0-release-notes

Browse Source 
Update 7.1.0 release notes with CVEs
This commit is contained in:
Andrew Murray 2020-04-10 11:23:31 +10:00 committed by GitHub
commit 41b554bc56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/releasenotes/7.1.0.rst
View File

@ -69,6 +69,16 @@ Passing a different value on Windows or macOS will force taking a snapshot
using the selected X server; pass an empty string to use the default X server.
XCB support is not included in pre-compiled wheels for Windows and macOS.
Security
========
This release includes security fixes.
* CVE-2020-10177 Fix multiple OOB reads in FLI decoding
* CVE-2020-10378 Fix bounds overflow in PCX decoding
* CVE-2020-10379 Fix two buffer overflows in TIFF decoding
* CVE-2020-10994 Fix bounds overflow in JPEG 2000 decoding
* CVE-2020-11538 Fix buffer overflow in SGI-RLE decoding
Other Changes
=============