Update docs

Frederick Price 2023-02-24 08:53:19 -05:00
parent 297f7bc90c
commit 76eb7d35ab
2 changed files with 26 additions and 0 deletions

@ -2,6 +2,21 @@
Changelog (Pillow)
==================
6.2.2.4 (date TBD)
------------------
- Use more specific regex chars to prevent ReDoS. CVE-2021-25292
[rickprice,hugovk]
6.2.2.3 (2023-02-23)
------------------
- CVE-2022-22817 Restrict builtins for ImageMath.eval()
[rickprice]
- CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
[rickprice]
6.2.2.2 (date TBD)
------------------
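Review bot: The underline under "6.2.2.3 (2023-02-23)" is 18 dashes for a 20-character title, which docutils reports as "Title underline too short" and which fails a docs build that treats warnings as errors; extend it to 20 dashes. In the same section, the CVE-2022-24303 entry restates the advisory text ("Pillow before 9.0.1 allows attackers to delete files ...") instead of saying what this backport changed, and the "before 9.0.1" wording is confusing in a 6.2.2.x changelog. Describe the fix the way the CVE-2022-22817 and CVE-2021-25292 entries do, and pick one position for the CVE id, since the entries currently mix prefix and suffix.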

@ -0,0 +1,11 @@
6.2.2.4
-------
Security
========
This release addresses several critical CVEs.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.
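Review bot: The release notes for 6.2.2.4 list only CVE-2021-25293, while the changelog entry for 6.2.2.4 in this same commit lists only CVE-2021-25292 (the ReDoS regex change), so the two files disagree on what the release fixes. If both fixes ship in 6.2.2.4, add a :cve: entry for CVE-2021-25292 here and a changelog line for CVE-2021-25293; otherwise correct whichever id is wrong. "This release addresses several critical CVEs" also does not match a single listed entry and states a severity the notes do not back up; list each CVE or reword the sentence.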