Added release notes for #9041 (#9042)

Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Andrew Murray 2025-06-28 00:30:22 +10:00 committed by GitHub
parent ef98b3510e
commit d07aa6fd17
GPG Key ID: B5690EEEBB952194

@ -4,21 +4,21 @@
Security
========
TODO
^^^^
:cve:`2025-48379`: Write buffer overflow on BCn encoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TODO
There is a heap buffer overflow when writing a sufficiently large (>64k encoded with
default settings) image in the DDS format due to writing into a buffer without checking
for available space.
:cve:`YYYY-XXXXX`: TODO
^^^^^^^^^^^^^^^^^^^^^^^
This only affects users who save untrusted data as a compressed DDS image.
TODO
* Unclear how large the potential write could be. It is likely limited by process
segfault, so it's not necessarily deterministic. It may be practically unbounded.
* Unclear if there's a restriction on the bytes that could be emitted. It's likely that
the only restriction is that the bytes would be emitted in chunks of 8 or 16.
Backwards incompatible changes
==============================
TODO
^^^^
This was introduced in Pillow 11.2.0 when the feature was added.
Deprecations
============
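
Review bot: The CVE-2025-48379 entry tells readers who is affected but not what to do about it, and two details in the text are ambiguous. In the first paragraph, ">64k encoded with default settings" has no unit, so please state what the 64k measures. In the closing sentence, "This was introduced in Pillow 11.2.0 when the feature was added" follows the two "Unclear ..." bullets, so "This" no longer has an obvious antecedent and "the feature" is never named; something like "The overflow was introduced in Pillow 11.2.0, when BCn encoding was added" would read unambiguously. Consider also adding one sentence after "This only affects users who save untrusted data as a compressed DDS image" that says the release containing these notes carries the fix, so users on 11.2.0 or later know upgrading is the remedy. The two "Unclear ..." bullets read like triage notes; if they stay, a short lead-in such as "The impact has not been fully characterised:" would make their status clear to readers.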
@ -41,22 +41,6 @@ another mode before saving::
im = Image.new("I", (1, 1))
im.convert("I;16").save("out.png")
API changes
===========
TODO
^^^^
TODO
API additions
=============
TODO
^^^^
TODO
Other changes
=============
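
Review bot: The "API changes" and "API additions" placeholder sections are dropped here (the hunk header goes from 22 lines to 6), but the commit message only mentions release notes for #9041. Please confirm that no API change or addition is still pending for this release before the headings go, and mention the placeholder cleanup in the commit message so the removal is not mistaken for an accidental deletion.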