Skip to content

Commit 0ea144b

Browse files
aclark4lifeaclark4life
committed
Update 3.1.1, 8.1.1 release notes for #7864 
1 parent ae5f1de commit 0ea144b

File tree

2 files changed

+31
-13
lines changed

2 files changed

+31
-13
lines changed

docs/releasenotes/3.1.1.rst

+9-2
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,15 @@
44
Security
55
========
66

7-
:cve:`2016-0775`: Fix buffer overflow
8-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
7+
:cve:`2016-0740`: Fix buffer overflow in ``libImaging/TiffDecode.c``
8+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
9+
10+
Buffer overflow in the ImagingLibTiffDecode function in
11+
``libImaging/TiffDecode.c`` in Pillow before 3.1.1 allows remote attackers to
12+
overwrite memory via a crafted TIFF file.
13+
14+
:cve:`2016-0775`: Fix buffer overflow in ``libImaging/FliDecode.c``
15+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
916

1017
Buffer overflow in the ImagingFliDecode function in ``libImaging/FliDecode.c``
1118
in Pillow before 3.1.1 allows remote attackers to cause a denial of service

docs/releasenotes/8.1.1.rst

+22-11
Original file line numberDiff line numberDiff line change
@@ -4,22 +4,33 @@
44
Security
55
========
66

7-
:cve:`2021-25289`: The previous fix for :cve:`2020-35654` was insufficient
8-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
7+
:cve:`2021-25289`: Fix the fix for :cve:`2020-35654`
8+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
99

10-
The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.
10+
The previous fix for :cve:`2020-35654` was insufficient due to incorrect
11+
error checking in ``TiffDecode.c``.
1112

12-
:cve:`2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size
13-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
13+
:cve:`2021-25290`: Fix buffer overflow in ``TiffDecode.c``
14+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1415

15-
:cve:`2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``
16-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
16+
In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.
1717

18-
:cve:`2021-25292`: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack
19-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18+
:cve:`2021-25291`: Fix buffer overflow in ``TIFFReadRGBATile``
19+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2020

21-
:cve:`2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0
22-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
21+
In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds
22+
read in ``TIFFReadRGBATile``.
23+
24+
:cve:`2021-25292`: Fix DOS attack
25+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
26+
27+
The PDF parser has a catastrophic backtracking regex that could be used as a
28+
DOS attack.
29+
30+
:cve:`2021-25293`: Fix buffer overflow in ``SgiRleDecode.c``
31+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
32+
33+
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
2334

2435
Other Changes
2536
=============

0 commit comments

Comments
 (0)