From facf3af93dabcbdd8cdbda8c3b50eefafa3bb04c Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Tue, 26 Mar 2024 05:34:31 +1100 Subject: [PATCH] Added release notes --- docs/releasenotes/10.3.0.rst | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/docs/releasenotes/10.3.0.rst b/docs/releasenotes/10.3.0.rst index a73efcee4..e5a47b281 100644 --- a/docs/releasenotes/10.3.0.rst +++ b/docs/releasenotes/10.3.0.rst @@ -4,21 +4,11 @@ Security ======== -TODO -^^^^ +:cve:`2024-28219`: Fix buffer overflow in ``_imagingcms.c`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -TODO - -:cve:`YYYY-XXXXX`: TODO -^^^^^^^^^^^^^^^^^^^^^^^ - -TODO - -Backwards Incompatible Changes -============================== - -TODO -^^^^ +In ``_imagingcms.c``, two ``strcpy`` calls were able to copy too much data into fixed +length strings. This has been fixed by using ``strncpy`` instead. Deprecations ============
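Review bot: The new Security entry for :cve:`2024-28219` says the two ``strcpy`` calls were replaced with ``strncpy``, but it does not say whether the fixed-length destination strings are explicitly NUL-terminated after the copy. ``strncpy`` writes no terminator when the source is as long as or longer than the count, so either the entry should state that the strings are terminated or the fix should be checked for that case. The entry would also be more useful to users judging their exposure if it named which caller-supplied values reach these copies. Separately, this hunk removes the whole "Backwards Incompatible Changes" heading together with its TODO; confirm that removing the section is intended rather than only the placeholder.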