Added release notes for 8.1.2

Andrew Murray 2021-03-06 13:21:30 +11:00
parent 5269ab13a7
commit f2ea25780a
3 changed files with 13 additions and 8 deletions

View File

@ -1,7 +1,6 @@
8.1.1
-----
Security
========
@ -20,13 +19,6 @@ that could be used as a DOS attack.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.
Other Changes
=============
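Review bot: the commit message only says "Added release notes for 8.1.2", but this hunk also takes the BLP/ICNS/ICO paragraph (CVE-2021-27921, CVE-2021-27922, CVE-2021-27923) out of the 8.1.1 Security section. The header (-20,13 +19,6) drops seven lines, and the same text reappears in the new 8.1.2 file. Anyone who read the earlier 8.1.1 notes will have understood these three CVEs as addressed in that release. Please say in the commit message that the entries are being moved and why, and consider leaving a one-line pointer in 8.1.1 to the 8.1.2 notes so the correction is discoverable.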

View File

@ -0,0 +1,12 @@
8.1.2
-----
Security
========
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.
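Review bot: the new Security paragraph gives no affected version range, while the neighbouring 8.1.1 entry for CVE-2021-25293 states "since Pillow 4.3.0". Someone deciding whether to upgrade needs to know from which release the BLP, ICNS and ICO size checks were missing, so please add the range for each format if it is known. It would also help to say what the fix does, for example that the reported size of the contained image is now checked before allocating. As written, the text describes only the defect ("did not properly check the reported size") and not the corrected behaviour.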

View File

@ -15,6 +15,7 @@ expected to be backported to earlier versions.
:maxdepth: 2
8.2.0
8.1.2
8.1.1
8.1.0
8.0.1