python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-10-31 07:57:27 +03:00
Code Issues Packages Projects Releases Wiki Activity
f9767fb00f
Pillow/docs/releasenotes/8.0.1.rst
Alex Clark c69dcc1c29 Fix headers and retro-add notes for #7864 
- Include CVE link in title (via @hugovk)
- Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
2024-03-15 10:01:42 -04:00

24 lines
860 B
ReStructuredText
Raw Blame History

8.0.1
-----
Security
========
:cve:`2020-15999`: Update FreeType in wheels to `2.10.4`_
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6.
* If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.
We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts.
In Pillow 7.2.0 and earlier bitmap fonts were disabled with ``FT_LOAD_NO_BITMAP``, but it is not
clear if this prevents the exploit and we recommend updating to Pillow 8.0.1.
Pillow 8.0.0 and earlier are potentially vulnerable releases, including the last release
to support Python 2.7, namely Pillow 6.2.2.
.. _2.10.4: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
Reference in New Issue View Git Blame Copy Permalink