python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-10-30 23:47:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added release notes [ci skip]

Browse Source
This commit is contained in:
Andrew Murray 2020-01-02 14:36:56 +11:00
parent b9c68540dc
commit afc93b0d76
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CHANGES.rst
View File

@ -92,11 +92,29 @@ Changelog (Pillow)
- Changed default frombuffer raw decoder args #1730 - Changed default frombuffer raw decoder args #1730
[radarhere] [radarhere]
6.2.1 (2019-10-21) 6.2.2 (2020-01-02)
------------------ ------------------
- This is the last Pillow release to support Python 2.7 #3642 - This is the last Pillow release to support Python 2.7 #3642
- Overflow checks for realloc for tiff decoding. CVE TBD
[wiredfool, radarhere]
- Catch SGI buffer overrun. CVE TBD
[radarhere]
- Catch PCX P mode buffer overrun. CVE TBD
[radarhere]
- Catch FLI buffer overrun. CVE TBD
[radarhere]
- Raise an error for an invalid number of bands in FPX image. CVE-2019-19911
[wiredfool, radarhere]
6.2.1 (2019-10-21)
------------------
- Add support for Python 3.8 #4141 - Add support for Python 3.8 #4141
[hugovk] [hugovk]

18
docs/releasenotes/6.2.2.rst Normal file
View File

@ -0,0 +1,18 @@
6.2.2
-----
Security
========
This release addresses several security problems {CVEs TBD), as well as addressing
CVE-2019-19911.
CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number
of bands, a large amount of resources will be used when trying to process the
image. This is fixed by limiting the number of bands to those usable by Pillow.
Buffer overruns were found when processing an SGI, PCX or FLI image. Checks
have been added to prevent this.
Overflow checks have been added when calculating the size of a memory block to
be reallocated in the processing of a TIFF image.