python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-11 04:07:21 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updated capitalisation [ci skip]

Browse Source 
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
This commit is contained in:
Andrew Murray 2021-01-02 22:00:35 +11:00 committed by GitHub
parent 95f99d52c4
commit d88fdcda06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/releasenotes/8.1.0.rst
View File

@ -38,25 +38,25 @@ Security
This release includes security fixes. This release includes security fixes.
* An out-of-bounds read when saving TIFFs with custom metadata through libtiff * An out-of-bounds read when saving TIFFs with custom metadata through LibTIFF
* An out-of-bounds read when saving a GIF of 1px width * An out-of-bounds read when saving a GIF of 1px width
* :cve:`CVE-2020-35653` Buffer Read Overrun in PCX Decoding. * :cve:`CVE-2020-35653` Buffer read overrun in PCX decoding
The PCX Image decoder used the reported image stride to calculate the row buffer, The PCX image decoder used the reported image stride to calculate the row buffer,
rather than calculating it from the image size. This issue dates back to the PIL fork. rather than calculating it from the image size. This issue dates back to the PIL fork.
Thanks to Google's OSS-Fuzz project for finding this. Thanks to Google's OSS-Fuzz project for finding this.
* :cve:`CVE-2020-35654` Fix TIFF OOB Write error * :cve:`CVE-2020-35654` Fix TIFF OOB Write error
OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTiff versions OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versions
(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases libtiff's (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's
interpretation of the file is different when reading in RGBA mode, leading to an Out of interpretation of the file is different when reading in RGBA mode, leading to an Out of
bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
8.0.1, depending on the version of LibTiff. This was reported through Tidelift. 8.0.1, depending on the version of LibTIFF. This was reported through Tidelift.
* :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun * :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun
4 Byte Read Overflow in SGIRleDecode.c, where the code was not correctly checking the 4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
offsets and length tables. Independently reported through Tidelift and Google's OSS-Fuzz. offsets and length tables. Independently reported through Tidelift and Google's OSS-Fuzz.
This vulnerability covers Pillow versions 4.3.0->8.0.1. This vulnerability covers Pillow versions 4.3.0->8.0.1.