Version 6.2.2.1

2025-08-11 15:54:45 +03:00 · 2021-10-08 15:43:42 -07:00 · 2021-10-08 15:43:42 -07:00 · eb81417e60
commit eb81417e60
parent c1c324c2b7
4 changed files with 20 additions and 1 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -2,6 +2,14 @@
 Changelog (Pillow)
 ==================

+6.2.2.1 (2021-10-08)
+------------------
+
+- This is the first Pillow release to support Python 2.7 from ActiveState
+
+- Catch SGI out-of-bounds reads. CVE 2020-11538
+  [ucodery]
+
 6.2.2 (2020-01-02)
 ------------------

--- a/docs/releasenotes/6.2.2.1.rst
+++ b/docs/releasenotes/6.2.2.1.rst
@ -0,0 +1,10 @@
+6.2.2.1
+-------
+
+Security
+========
+
+This release addresses CVE-2020-11538.
+
+CVE-2019-11538 is regarding SGI images. An out-of-bounds read can occur in the
+parsing of SGI image files.
--- a/docs/releasenotes/index.rst
+++ b/docs/releasenotes/index.rst
@ -6,6 +6,7 @@ Release Notes
 .. toctree::
  :maxdepth: 2

+  6.2.2.1
  6.2.2
  6.2.1
  6.2.0
--- a/src/PIL/_version.py
+++ b/src/PIL/_version.py
@ -1,2 +1,2 @@
 # Master version for Pillow
-__version__ = "6.2.2"
+__version__ = "6.2.2.1"