Marc Gutman
3c779360b0
Merge pull request #12 from ActiveState/BE-141-cve-2020-10379
...
BE-141-CVE-2020-10379
2023-03-24 11:54:46 -05:00
Eric Soroos
52ec868fe1
BE-141-CVE-2020-10379
...
Taken from the fixes for https://github.com/python-pillow/Pillow/pull/4507/commits
2023-03-22 18:04:13 -04:00
Marc Gutman
134fb891ee
Merge pull request #11 from ActiveState/BE-154-cve-2021-23437
...
BE-154-CVE-2021-23437
2023-03-22 10:18:12 -05:00
Frederick Price
454ef5a23e
BE-154-cve-2021-23437
...
Fix for CVE-2021-23437: Raise ValueError if color specifier is too long
2023-03-21 19:09:40 -04:00
Marc Gutman
c3851b77ca
Merge pull request #10 from ActiveState/BE-152-cve-2021-27922
...
Update changelogs with fixes that were already in, BE-584, BE-151, BE…
2023-03-13 16:40:30 -05:00
Frederick Price
5a35a1d0d4
Update changelogs with fixes that were already in, BE-584, BE-151, BE-152
2023-03-13 17:15:31 -04:00
Marc Gutman
b06ecb4365
Merge pull request #9 from ActiveState/BE-148-cve-2021-25290
...
BE-148-cve-2021-25290
2023-03-13 15:34:01 -05:00
Eric Soroos
5515707532
Merge CVE changes
...
Put a comma back in
2023-03-13 12:52:20 -04:00
Marc Gutman
50ba069cc6
Merge pull request #8 from ActiveState/BE-149-cve-2021-25291
...
Update release notes in advance
2023-03-08 17:11:32 -06:00
Frederick Price
d6705ef3c0
Fix for CVE-2021-25291
...
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
(cherry picked from commit 8b8076bdcb)
2023-03-08 18:08:31 -05:00
Marc Gutman
e18d9e1391
Merge pull request #7 from ActiveState/BE-584-cve-2021-27921
...
BE-584 Cherrypick the fix for CVE-2021-27921
2023-03-01 12:04:14 -06:00
Rick Price
6b88004138
Merge branch '6.2.x' into BE-584-cve-2021-27921
2023-03-01 12:29:36 -05:00
Frederick Price
8400b37ab5
BE-584 Cherrypick the fix for CVE-2021-27921
...
Original comment:
Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrarily large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
(cherry picked from commit 480f6819b5)
Also fixed problems caused by the changes.
Document CVE fix
2023-03-01 11:58:24 -05:00
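Editor's note, an added example that is not part of any commit above and not Pillow's code: the TiffReadRGBATile fix (CVE-2021-25291, "check the tile validity before attempting to read") and the container fix just above (CVE-2021-27921, embedded images whose reported size was never checked) are the same class of defect: header-declared geometry used to size a buffer or a read before it has been validated. The Python below shows that class against a constructed container format ("XCNT", invented here, one byte per pixel) and a hypothetical tile_buffer_size() helper; MAX_IMAGE_PIXELS is an assumed cap in the spirit of Pillow's Image.MAX_IMAGE_PIXELS, and build_container() only exists to produce sample input.

```python
"""Added example: validate header-declared geometry before trusting it.
Constructed format and helpers; not Pillow's code."""
import struct

# Assumed cap on declared pixels per embedded image, in the spirit of Pillow's
# Image.MAX_IMAGE_PIXELS: reject before any buffer is sized from untrusted numbers.
MAX_IMAGE_PIXELS = 10_000_000

HEADER = struct.Struct("<4sI")   # magic "XCNT", entry count
ENTRY = struct.Struct("<IIII")   # width, height, payload offset, payload length (1 byte/pixel)


class DecompressionBombError(ValueError):
    pass


def build_container(images):
    """Constructed sample input: pack (width, height, payload) triples in XCNT layout."""
    table_end = HEADER.size + len(images) * ENTRY.size
    table, blobs, offset = [], [], table_end
    for width, height, payload in images:
        table.append(ENTRY.pack(width, height, offset, len(payload)))
        blobs.append(payload)
        offset += len(payload)
    return HEADER.pack(b"XCNT", len(images)) + b"".join(table) + b"".join(blobs)


def parse_container(data):
    """Return [(width, height, payload)] for every embedded image, or raise ValueError."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    magic, count = HEADER.unpack_from(data, 0)
    if magic != b"XCNT":
        raise ValueError("bad magic")
    table_end = HEADER.size + count * ENTRY.size      # count is attacker-controlled
    if table_end > len(data):
        raise ValueError("entry table exceeds file")
    images = []
    for i in range(count):
        width, height, offset, length = ENTRY.unpack_from(data, HEADER.size + i * ENTRY.size)
        if width == 0 or height == 0:
            raise ValueError("zero-sized image")
        # In C, width * height must also be checked for overflow before it reaches malloc/realloc.
        if width * height > MAX_IMAGE_PIXELS:
            raise DecompressionBombError("declared %dx%d exceeds limit" % (width, height))
        if offset < table_end or offset + length > len(data):
            raise ValueError("payload outside file")
        if length != width * height:
            raise ValueError("payload length does not match declared geometry")
        images.append((width, height, data[offset:offset + length]))
    return images


def tile_buffer_size(image_w, image_h, tile_w, tile_h, bytes_per_pixel):
    """Hypothetical tile check: refuse tile dimensions that are zero or larger than the
    image, the condition under which a fixed tile buffer gets read past its end."""
    if tile_w <= 0 or tile_h <= 0 or tile_w > image_w or tile_h > image_h:
        raise ValueError("invalid tile boundaries")
    return tile_w * tile_h * bytes_per_pixel


def demo():
    """Run the checks against constructed good and malicious inputs."""
    results = {}
    good = build_container([(4, 3, bytes(range(12)))])
    results["good"] = [(w, h, len(p)) for w, h, p in parse_container(good)]
    bomb = build_container([(0xFFFFFFFF, 0xFFFFFFFF, b"\x00")])   # declares ~1.8e19 pixels, ships 1 byte
    try:
        parse_container(bomb)
        results["bomb"] = "accepted"
    except DecompressionBombError:
        results["bomb"] = "rejected"
    count_bomb = HEADER.pack(b"XCNT", 0xFFFFFFFF)                  # entry table larger than the file
    try:
        parse_container(count_bomb)
        results["count_bomb"] = "accepted"
    except ValueError:
        results["count_bomb"] = "rejected"
    results["tile_ok"] = tile_buffer_size(64, 64, 16, 16, 4)
    try:
        tile_buffer_size(64, 64, 128, 16, 4)
        results["tile_bad"] = "accepted"
    except ValueError:
        results["tile_bad"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the entry count is bounded against the file size before the table is walked, the pixel count is bounded before the payload is located, and only then is a buffer sized from the declared dimensions. Python integers cannot overflow, so the width * height comparison is exact here; the equivalent check in a C decoder needs an explicit overflow test on the product before it is passed to malloc or realloc.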
Frederick Price
76eb7d35ab
Update docs
2023-02-24 08:53:19 -05:00
Eric Soroos
297f7bc90c
Fix OOB read in SgiRleDecode.c
...
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
(cherry picked from commit 4853e522bd)
2023-02-24 01:47:10 -05:00
Frederick Price
1184cbf916
Put CVE fix in for CVE-2022-22817 Restrict builtins for ImageMath.eval()
...
Put in fixes from CVE
Update release documentation
Ensure all tests pass as before
2023-02-22 18:51:28 -05:00
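Editor's note, an added example that is not a commit on this page and not Pillow's ImageMath code: the commit above restricts the builtins available to ImageMath.eval(). The Python below compares three ways of evaluating a user-supplied arithmetic expression over named operands: a bare eval(), an eval() with a restricted __builtins__ dict (the class of fix the commit describes), and an AST whitelist. The function names, ALLOWED_BUILTINS and the whitelisted node set are choices made for this example.

```python
"""Added example: restricting what an eval()-based expression API can reach.
Constructed for this commit log; not Pillow's ImageMath code."""
import ast

# Builtins the expression language may call by name (choice made for this example).
ALLOWED_BUILTINS = {"abs": abs, "float": float, "int": int, "max": max, "min": min, "round": round}


def eval_unrestricted(expression, env):
    """Before: eval() with default builtins, so __import__, open, getattr... are all reachable."""
    return eval(expression, {}, dict(env))  # Python injects the full __builtins__ into the empty globals


def eval_restricted_builtins(expression, env):
    """After, as in the commit above: only ALLOWED_BUILTINS resolve by name."""
    return eval(expression, {"__builtins__": ALLOWED_BUILTINS}, dict(env))


# Node types an arithmetic expression legitimately needs. Attribute, Subscript,
# Lambda, comprehensions and keyword arguments are absent on purpose.
_ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.Call,
    ast.Name, ast.Constant, ast.Load,
    ast.operator, ast.unaryop, ast.boolop, ast.cmpop,
)


def eval_ast_checked(expression, env):
    """Stronger form: whitelist the syntax tree, then evaluate with restricted builtins."""
    tree = ast.parse(expression, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            raise ValueError("disallowed syntax: " + type(node).__name__)
        if isinstance(node, ast.Call) and not (
            isinstance(node.func, ast.Name) and node.func.id in ALLOWED_BUILTINS
        ):
            raise ValueError("only whitelisted functions may be called")
        if isinstance(node, ast.Name) and node.id not in env and node.id not in ALLOWED_BUILTINS:
            raise ValueError("unknown name: " + node.id)
    return eval(compile(tree, "<expr>", "eval"), {"__builtins__": ALLOWED_BUILTINS}, dict(env))


def demo():
    """Exercise the three evaluators on a legitimate expression and on two probes."""
    env = {"a": 6, "b": 7}
    results = {}
    results["arith"] = eval_ast_checked("min(a * b, 100) + abs(-1)", env)
    # The unrestricted form hands the expression the real __import__.
    results["unrestricted_reaches_import"] = callable(eval_unrestricted("__import__", env))
    # Restricted builtins stop a by-name lookup of __import__ ...
    try:
        eval_restricted_builtins("__import__('os').getcwd()", env)
        results["import_blocked"] = False
    except NameError:
        results["import_blocked"] = True
    # ... but not an attribute walk from a literal, which needs no builtins at all.
    results["restricted_leaks_object"] = eval_restricted_builtins("().__class__.__base__", env) is object
    try:
        eval_ast_checked("().__class__.__base__", env)
        results["ast_blocks_attr"] = False
    except ValueError:
        results["ast_blocks_attr"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The probe results are the caveat a reviewer would attach to the commit: a restricted __builtins__ dict removes the by-name route to __import__, but eval() still executes arbitrary Python syntax, and attribute access from a literal reaches object and from there every loaded class. Restricting builtins narrows the attack surface; rejecting syntax the expression language does not need (attributes, subscripts, lambdas, keyword arguments) is what actually bounds it, and eval() should not be treated as a sandbox in either form.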
Emilie Yu
538ac8d360
Merge pull request #5 from ActiveState/BE-135-cve-2021-34552
...
Use snprintf instead of sprintf
2022-02-14 15:20:10 -08:00
wooken
ba4e824fb7
Use snprintf instead of sprintf
...
This is fix for CVE-2021-34552
(cherry picked from commit 518ee3722a)
2022-02-14 15:17:43 -08:00
Rick Price
04db0b815b
Merge pull request #4 from ActiveState/BE-133-cve-2021-25287
...
BE-133 CVE-2021-25287, BE-134 CVE-2021-25288: Fix OOB Read in Jpeg2KDecode
2022-02-14 13:08:29 -05:00
Emilie Yu
4b207548e0
CVE-2021-25287,CVE-2021-25288: Fix OOB Read in Jpeg2KDecode
2022-02-11 12:12:45 -08:00
Jeremy Paige
414de92fe3
Merge pull request #3 from ActiveState/jeremyp/cve-2021-25289
...
CVE-2021-25291: fix TiffDecode heap-based buffer overflow
2021-10-20 10:45:21 -07:00
Jeremy Paige
80d2d8ae09
CVE-2021-25291, CVE-2020-35654: fix TiffDecode heap-based buffer overflow
2021-10-18 14:04:51 -07:00
Jeremy Paige
d22b3879a4
Merge pull request #2 from ActiveState/jeremyp/cve-2020-11538
...
CVE-2020-11538: fix SGI-RLE buffer overflow
2021-10-12 13:21:49 -07:00
Jeremy Paige
18200ae9fd
Merge pull request #1 from zoofood/patch-1
...
Added branding info/intent of fork.
2021-10-08 15:48:30 -07:00
Jeremy Paige
eb81417e60
Version 6.2.2.1
2021-10-08 15:43:42 -07:00
Jeff Rouse
188525db91
Added branding info/intent of fork.
2021-10-08 13:08:13 -07:00
Jeremy Paige
c1c324c2b7
CVE-2020-11538: fix SGI-RLE buffer overflow
2021-09-27 18:21:59 -07:00
Andrew Murray
a45c8583ff
Release notes for 6.2.2
2020-01-02 16:18:32 +11:00
Andrew Murray
83efad4875
6.2.2 version bump
2020-01-02 14:43:09 +11:00
Andrew Murray
4820f79e01
Added release notes [ci skip]
2020-01-02 14:39:50 +11:00
Andrew Murray
4e2def2539
Overflow checks for realloc for tiff decoding
2020-01-02 14:39:36 +11:00
Andrew Murray
a79b65c47c
Catch SGI buffer overruns
2020-01-02 14:39:29 +11:00
Andrew Murray
93b22b846e
Catch PCX P mode buffer overrun
2020-01-02 14:39:20 +11:00
Andrew Murray
a09acd0dec
Catch FLI buffer overrun
2020-01-02 14:39:14 +11:00
Andrew Murray
774e53bb13
Raise an error for an invalid number of bands in FPX image
2020-01-02 14:39:05 +11:00
Andrew Murray
8892aecfbf
Added security notes [ci skip]
2020-01-02 10:04:06 +11:00
Andrew Murray
46c35f06b1
Updated copyright year
2020-01-01 14:03:55 +11:00
Andrew Murray
f269b49cff
Merge pull request #4306 from radarhere/6.2.x_centos
...
Added CentOS 8 to 6.2.x
2019-12-27 07:09:35 +11:00
Andrew Murray
cc04ee7b5c
Added CentOS 8
2019-12-26 21:20:19 +11:00
Andrew Murray
48908c94e8
Updated CI targets [ci skip]
2019-12-26 21:18:27 +11:00
Hugo van Kemenade
c8d620416f
Merge pull request #4300 from radarhere/6.2.x_python
...
Test 6.2.x against Python 3.8 final
2019-12-26 09:32:42 +02:00
Hugo van Kemenade
bde3e9cfc9
Merge pull request #4301 from radarhere/6.2.x_fedora
...
Added Fedora 31 to 6.2.x
2019-12-26 09:31:55 +02:00
Andrew Murray
c77171fea2
Added Fedora 31
2019-12-26 12:02:06 +11:00
Hugo
9fa34ecc2e
Test on Python 3.8
2019-12-26 09:54:23 +11:00
Hugo
738bbd2641
Test on Python 3.8
2019-12-26 09:54:02 +11:00
Andrew Murray
71ffb52320
Merge pull request #4299 from hugovk/6.2.x-fix-lint
...
6.2.x: Fix Lint
2019-12-26 09:13:42 +11:00
Hugo
fe38d93250
Format with Black 19.10b0
2019-12-25 17:44:05 +02:00
Hugo van Kemenade
a9126faa7a
Use dedicated docker tag for 6.2.x ( #4298 )
...
Use dedicated docker tag for 6.2.x
2019-12-25 17:40:23 +02:00
Andrew Murray
89d6c84ba0
Removed EOL Fedora 29
2019-12-26 00:51:11 +11:00
Andrew Murray
fe8ba74f93
Removed EOL Fedora 29
...
Co-Authored-By: Hugo van Kemenade <hugovk@users.noreply.github.com>
2019-12-26 00:50:23 +11:00