Pillow

mirror of https://github.com/python-pillow/Pillow.git synced 2025-03-14 23:32:13 +03:00

Author	SHA1	Message	Date
Andrew Murray	88bd672daf	8.1.2 version bump	2021-03-06 13:38:55 +11:00
Andrew Murray	d3486362da	Update CHANGES.rst [ci skip]	2021-03-06 13:37:58 +11:00
Andrew Murray	2a66fa7f2e	Added release notes for 8.1.2	2021-03-06 13:37:58 +11:00
Andrew Murray	608bf4fef5	Lint fix	2021-03-06 13:37:58 +11:00
Eric Soroos	756fff3312	Fix Memory DOS in Icns, Ico and Blp Image Plugins Some container plugins that could contain images of other formats, such as the ICNS format, did not properly check the reported size of the contained image. These images could cause arbitrariliy large memory allocations. This is fixed for all locations where individual *ImageFile classes are created without going through the usual Image.open method.	2021-03-06 13:37:58 +11:00
Hugo van Kemenade	886ad5a90e	Fix filename spelling Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2021-03-06 13:37:58 +11:00
Andrew Murray	0907fb13f4	Expanded "OOB" to "out-of-bounds" [ci skip]	2021-03-06 13:37:58 +11:00
heitbaum	c60c09280b	CHANGES.rst: update dates	2021-03-06 13:37:58 +11:00
Andrew Murray	8fb5e5035b	Added more CVE numbers [ci skip]	2021-03-05 22:05:03 +11:00
Andrew Murray	a10d2c950a	Updated spelling [ci skip] Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>	2021-03-05 22:04:55 +11:00
Andrew Murray	4bdc0da7ca	Corrected list of relevant dependencies [ci skip]	2021-03-05 22:04:47 +11:00
Hugo van Kemenade	20c0e1a19e	Update release notes formatting, links, spelling	2021-03-05 22:04:36 +11:00
Andrew Murray	741d8744a5	8.1.1 version bump	2021-03-01 19:24:03 +11:00
Andrew Murray	179cd1c8f9	Added 8.1.1 release notes to index	2021-03-01 19:23:56 +11:00
Andrew Murray	7d296653da	Update CHANGES.rst [ci skip]	2021-03-01 19:15:48 +11:00
Eric Soroos	d25036fca7	Credits	2021-03-01 19:09:20 +11:00
Eric Soroos	973a4c333a	Release notes for 8.1.1	2021-03-01 19:09:14 +11:00
Hugo van Kemenade	521dab94c7	Use more specific regex chars to prevent ReDoS * CVE-2021-25292	2021-03-01 19:08:58 +11:00
Eric Soroos	8b8076bdcb	Fix for CVE-2021-25291 * Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile * Check the tile validity before attempting to read.	2021-03-01 19:08:52 +11:00
Eric Soroos	e25be1e33d	Fix negative size read in TiffDecode.c * Caught by oss-fuzz runs * CVE-2021-25290	2021-03-01 19:08:39 +11:00
Eric Soroos	f891baa604	Fix OOB read in SgiRleDecode.c * From Pillow 4.3.0->8.1.0 * CVE-2021-25293	2021-03-01 19:08:26 +11:00
Eric Soroos	cbfdde7b1f	Incorrect error code checking in TiffDecode.c * since Pillow 8.1.0 * CVE-2021-25289	2021-03-01 19:08:17 +11:00
Andrew Murray	2ba5eb1cd9	PyModule_AddObject fix for Python 3.10	2021-03-01 19:08:11 +11:00
Andrew Murray	a0a5b7a01d	Added import test	2021-03-01 19:08:05 +11:00
Andrew Murray	fcc42e0d34	8.1.0 version bump	2021-01-02 22:39:02 +11:00
Andrew Murray	a99128052c	Update CHANGES.rst [ci skip]	2021-01-02 22:38:16 +11:00
Andrew Murray	470e48be4f	Merge pull request #5176 from radarhere/security Document CVE fixes	2021-01-02 22:37:19 +11:00
Andrew Murray	cd316feead	Link to OSS-Fuzz [ci skip]	2021-01-02 22:09:07 +11:00
Andrew Murray	2711549503	Link to TideLift [ci skip]	2021-01-02 22:07:03 +11:00
Andrew Murray	d88fdcda06	Updated capitalisation [ci skip] Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>	2021-01-02 22:00:35 +11:00
Andrew Murray	95f99d52c4	Document CVE fixes [ci skip]	2021-01-02 21:27:50 +11:00
Andrew Murray	c8dd1c8422	Merge pull request #5175 from radarhere/tiff Fix TIFF OOB Write error	2021-01-02 21:13:28 +11:00
Andrew Murray	0117694533	Merge pull request #5174 from radarhere/pcx Fix for Read Overflow in PCX Decoding	2021-01-02 21:00:25 +11:00
Andrew Murray	120eea2e45	Merge pull request #5173 from radarhere/sgi Fix for SGI Decode buffer overrun	2021-01-02 20:47:36 +11:00
Andrew Murray	903c67353d	Lint fix	2021-01-02 20:41:17 +11:00
Eric Soroos	2f409261eb	Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding. * Don't trust the image to specify a buffer size	2021-01-02 20:38:46 +11:00
wiredfool	45a62e91b1	Rework ReadTile * Don't malloc for the swap line, just shuffle backwards * Ensure that im->pixelsize is sanity checked * Ensure that we're using the right size for the buffer from TiffReadRGBATile	2021-01-02 20:37:48 +11:00
wiredfool	eb8c1206d6	Fix CVE-2020-35654 - OOB Write in TiffDecode.c * In some circumstances with some versions of libtiff (4.1.0+), there could be a 4 byte out of bound write when decoding a YCbCr tiff. * The Pillow code dates to 6.0.0 * Found and reported through Tidelift	2021-01-02 20:37:48 +11:00
Andrew Murray	0c39689690	Merge pull request #5171 from radarhere/makefile Add #5159 to the release notes	2021-01-02 20:20:05 +11:00
Andrew Murray	1cbb12fb6e	Lint fix	2021-01-02 20:19:26 +11:00
Andrew Murray	aa390a5a79	Merge pull request #5172 from radarhere/security Added release notes for #5149	2021-01-02 20:17:36 +11:00
Eric Soroos	9a2c9f722f	Make the SGI code return -1 as an error flag, error in state	2021-01-02 20:10:02 +11:00
Eric Soroos	7e95c63fa7	Fix for SGI Decode buffer overrun CVE-2020-35655 * Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.	2021-01-02 20:09:58 +11:00
Andrew Murray	6ffa37b85b	Document #5149 [ci skip]	2021-01-02 19:59:29 +11:00
Andrew Murray	e6ef8a6c09	Update CHANGES.rst [ci skip]	2021-01-02 19:58:03 +11:00
Andrew Murray	527409053f	Added deprecation message for install-venv	2021-01-02 19:40:03 +11:00
Hugo van Kemenade	07bbc46589	Merge pull request #5149 from wiredfool/gif_write_oob_read	2021-01-02 10:14:17 +02:00
Andrew Murray	01cad6bcad	Update CHANGES.rst [ci skip]	2021-01-02 11:24:20 +11:00
Andrew Murray	852503a4a3	Document #5159 [ci skip]	2021-01-02 11:00:33 +11:00
Andrew Murray	312213723d	Merge pull request #5159 from wiredfool/makefile_updates Makefile updates	2021-01-02 10:57:13 +11:00

1 2 3 4 5 ...

11095 Commits