From 596eaf35cc983fe73e2408e3ca7f3e1431fd06e3 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Thu, 3 Feb 2022 09:46:57 +1100
Subject: [PATCH] Update CHANGES.rst [ci skip]

---
 CHANGES.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index 66d417393..fc9455652 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -32,6 +32,15 @@ Changelog (Pillow)
 - Remove readonly from Image.__eq__ #5930
   [hugovk]
 
+9.0.1 (2022-02-03)
+------------------
+
+- In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010
+  [radarhere, hugovk]
+
+- Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009
+  [radarhere]
+
 9.0.0 (2022-01-02)
 ------------------