mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-25 17:36:18 +03:00
Added release notes [ci skip]
This commit is contained in:
parent
b9c68540dc
commit
afc93b0d76
20
CHANGES.rst
20
CHANGES.rst
|
@ -92,11 +92,29 @@ Changelog (Pillow)
|
|||
- Changed default frombuffer raw decoder args #1730
|
||||
[radarhere]
|
||||
|
||||
6.2.1 (2019-10-21)
|
||||
6.2.2 (2020-01-02)
|
||||
------------------
|
||||
|
||||
- This is the last Pillow release to support Python 2.7 #3642
|
||||
|
||||
- Overflow checks for realloc for tiff decoding. CVE TBD
|
||||
[wiredfool, radarhere]
|
||||
|
||||
- Catch SGI buffer overrun. CVE TBD
|
||||
[radarhere]
|
||||
|
||||
- Catch PCX P mode buffer overrun. CVE TBD
|
||||
[radarhere]
|
||||
|
||||
- Catch FLI buffer overrun. CVE TBD
|
||||
[radarhere]
|
||||
|
||||
- Raise an error for an invalid number of bands in FPX image. CVE-2019-19911
|
||||
[wiredfool, radarhere]
|
||||
|
||||
6.2.1 (2019-10-21)
|
||||
------------------
|
||||
|
||||
- Add support for Python 3.8 #4141
|
||||
[hugovk]
|
||||
|
||||
|
|
18
docs/releasenotes/6.2.2.rst
Normal file
18
docs/releasenotes/6.2.2.rst
Normal file
|
@ -0,0 +1,18 @@
|
|||
6.2.2
|
||||
-----
|
||||
|
||||
Security
|
||||
========
|
||||
|
||||
This release addresses several security problems {CVEs TBD), as well as addressing
|
||||
CVE-2019-19911.
|
||||
|
||||
CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number
|
||||
of bands, a large amount of resources will be used when trying to process the
|
||||
image. This is fixed by limiting the number of bands to those usable by Pillow.
|
||||
|
||||
Buffer overruns were found when processing an SGI, PCX or FLI image. Checks
|
||||
have been added to prevent this.
|
||||
|
||||
Overflow checks have been added when calculating the size of a memory block to
|
||||
be reallocated in the processing of a TIFF image.
|
Loading…
Reference in New Issue
Block a user