python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-11-04 01:47:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
0f64d08e64
Pillow/docs/releasenotes/8.1.1.rst
Andrew Murray b3c1937456 Changed wording
2024-03-17 21:37:31 +11:00

40 lines
1.2 KiB
ReStructuredText
Raw Blame History

8.1.1
-----
Security
========
:cve:`2021-25289`: Correct the fix for :cve:`2020-35654`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The previous fix for :cve:`2020-35654` was insufficient due to incorrect
error checking in ``TiffDecode.c``.
:cve:`2021-25290`: Fix buffer overflow in ``TiffDecode.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.
:cve:`2021-25291`: Fix buffer overflow in ``TIFFReadRGBATile``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds
read in ``TIFFReadRGBATile``.
:cve:`2021-25292`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The PDF parser has a catastrophic backtracking regex that could be used as a
DOS attack.
:cve:`2021-25293`: Fix buffer overflow in ``SgiRleDecode.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
Other Changes
=============
A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on
unreleased Python 3.10 has been fixed (:issue:`5193`).
Reference in New Issue View Git Blame Copy Permalink