Marc Gutman
50ba069cc6
Merge pull request #8 from ActiveState/BE-149-cve-2021-25291
...
Update release notes in advance
2023-03-08 17:11:32 -06:00
Frederick Price
d6705ef3c0
Fix for CVE-2021-25291
...
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
(cherry picked from commit 8b8076bdcb)
2023-03-08 18:08:31 -05:00
Marc Gutman
e18d9e1391
Merge pull request #7 from ActiveState/BE-584-cve-2021-27921
...
BE-584 Cherrypick the fix for CVE-2021-27921
2023-03-01 12:04:14 -06:00
Rick Price
6b88004138
Merge branch '6.2.x' into BE-584-cve-2021-27921
2023-03-01 12:29:36 -05:00
Frederick Price
8400b37ab5
BE-584 Cherrypick the fix for CVE-2021-27921
...
Original comment:
Fix Memory DOS in Icns, Ico and Blp Image Plugins
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrarily large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
(cherry picked from commit 480f6819b5)
Also fixed problems caused by the changes.
Document CVE fix
2023-03-01 11:58:24 -05:00
Frederick Price
76eb7d35ab
Update docs
2023-02-24 08:53:19 -05:00
Eric Soroos
297f7bc90c
Fix OOB read in SgiRleDecode.c
...
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
(cherry picked from commit 4853e522bd)
2023-02-24 01:47:10 -05:00
Frederick Price
1184cbf916
Put CVE fix in for CVE-2022-22817 Restrict builtins for ImageMath.eval()
...
Put in fixes from CVE
Update release documentation
Ensure all tests pass as before
2023-02-22 18:51:28 -05:00
Emilie Yu
538ac8d360
Merge pull request #5 from ActiveState/BE-135-cve-2021-34552
...
Use snprintf instead of sprintf
2022-02-14 15:20:10 -08:00
wooken
ba4e824fb7
Use snprintf instead of sprintf
...
This is the fix for CVE-2021-34552
(cherry picked from commit 518ee3722a)
2022-02-14 15:17:43 -08:00
Rick Price
04db0b815b
Merge pull request #4 from ActiveState/BE-133-cve-2021-25287
...
BE-133 CVE-2021-25287, BE-134 CVE-2021-25288: Fix OOB Read in Jpeg2KDecode
2022-02-14 13:08:29 -05:00
Emilie Yu
4b207548e0
CVE-2021-25287,CVE-2021-25288: Fix OOB Read in Jpeg2KDecode
2022-02-11 12:12:45 -08:00
Jeremy Paige
414de92fe3
Merge pull request #3 from ActiveState/jeremyp/cve-2021-25289
...
CVE-2021-25291: fix TiffDecode heap-based buffer overflow
2021-10-20 10:45:21 -07:00
Jeremy Paige
80d2d8ae09
CVE-2021-25291, CVE-2020-35654: fix TiffDecode heap-based buffer overflow
2021-10-18 14:04:51 -07:00
Jeremy Paige
d22b3879a4
Merge pull request #2 from ActiveState/jeremyp/cve-2020-11538
...
CVE-2020-11538: fix SGI-RLE buffer overflow
2021-10-12 13:21:49 -07:00
Jeremy Paige
18200ae9fd
Merge pull request #1 from zoofood/patch-1
...
Added branding info/intent of fork.
2021-10-08 15:48:30 -07:00
Jeremy Paige
eb81417e60
Version 6.2.2.1
2021-10-08 15:43:42 -07:00
Jeff Rouse
188525db91
Added branding info/intent of fork.
2021-10-08 13:08:13 -07:00
Jeremy Paige
c1c324c2b7
CVE-2020-11538: fix SGI-RLE buffer overflow
2021-09-27 18:21:59 -07:00
Andrew Murray
a45c8583ff
Release notes for 6.2.2
2020-01-02 16:18:32 +11:00
Andrew Murray
83efad4875
6.2.2 version bump
2020-01-02 14:43:09 +11:00
Andrew Murray
4820f79e01
Added release notes [ci skip]
2020-01-02 14:39:50 +11:00
Andrew Murray
4e2def2539
Overflow checks for realloc for tiff decoding
2020-01-02 14:39:36 +11:00
Andrew Murray
a79b65c47c
Catch SGI buffer overruns
2020-01-02 14:39:29 +11:00
Andrew Murray
93b22b846e
Catch PCX P mode buffer overrun
2020-01-02 14:39:20 +11:00
Andrew Murray
a09acd0dec
Catch FLI buffer overrun
2020-01-02 14:39:14 +11:00
Andrew Murray
774e53bb13
Raise an error for an invalid number of bands in FPX image
2020-01-02 14:39:05 +11:00
Andrew Murray
8892aecfbf
Added security notes [ci skip]
2020-01-02 10:04:06 +11:00
Andrew Murray
46c35f06b1
Updated copyright year
2020-01-01 14:03:55 +11:00
Andrew Murray
f269b49cff
Merge pull request #4306 from radarhere/6.2.x_centos
...
Added CentOS 8 to 6.2.x
2019-12-27 07:09:35 +11:00
Andrew Murray
cc04ee7b5c
Added CentOS 8
2019-12-26 21:20:19 +11:00
Andrew Murray
48908c94e8
Updated CI targets [ci skip]
2019-12-26 21:18:27 +11:00
Hugo van Kemenade
c8d620416f
Merge pull request #4300 from radarhere/6.2.x_python
...
Test 6.2.x against Python 3.8 final
2019-12-26 09:32:42 +02:00
Hugo van Kemenade
bde3e9cfc9
Merge pull request #4301 from radarhere/6.2.x_fedora
...
Added Fedora 31 to 6.2.x
2019-12-26 09:31:55 +02:00
Andrew Murray
c77171fea2
Added Fedora 31
2019-12-26 12:02:06 +11:00
Hugo
9fa34ecc2e
Test on Python 3.8
2019-12-26 09:54:23 +11:00
Hugo
738bbd2641
Test on Python 3.8
2019-12-26 09:54:02 +11:00
Andrew Murray
71ffb52320
Merge pull request #4299 from hugovk/6.2.x-fix-lint
...
6.2.x: Fix Lint
2019-12-26 09:13:42 +11:00
Hugo
fe38d93250
Format with Black 19.10b0
2019-12-25 17:44:05 +02:00
Hugo van Kemenade
a9126faa7a
Use dedicated docker tag for 6.2.x (#4298)
...
Use dedicated docker tag for 6.2.x
2019-12-25 17:40:23 +02:00
Andrew Murray
89d6c84ba0
Removed EOL Fedora 29
2019-12-26 00:51:11 +11:00
Andrew Murray
fe8ba74f93
Removed EOL Fedora 29
...
Co-Authored-By: Hugo van Kemenade <hugovk@users.noreply.github.com>
2019-12-26 00:50:23 +11:00
Andrew Murray
7a0a2e966c
Changed docker tag to 6.2.x
2019-12-25 23:41:45 +11:00
Hugo
6e0f07bbe3
Pillow 6.2.1 is the last to support Python 2.7
2019-10-21 09:05:44 +03:00
Hugo
39d26d3f90
6.2.1 version bump
2019-10-20 19:44:44 +03:00
Hugo
ee9e21aff1
Add release notes for Pillow 6.2.1
2019-10-20 18:38:59 +03:00
Hugo
efcfb91b71
Update CHANGES.rst [CI skip]
2019-10-20 18:37:04 +03:00
Hugo van Kemenade
f97c4ddb0a
6.2.x: Add support for Python 3.8 (#4151)
...
6.2.x: Add support for Python 3.8
2019-10-20 16:12:32 +03:00
Hugo
b78edcc9e4
Add support for Python 3.8
2019-10-20 13:11:45 +03:00
Andrew Murray
8a30d13537
Updated CHANGES.rst [ci skip]
2019-10-01 19:24:57 +10:00