Skip to content

Commit

Permalink
Update 3.1.1, 8.1.1 release notes for #7864
Browse files Browse the repository at this point in the history
  • Loading branch information
aclark4life committed Mar 14, 2024
1 parent 6363b89 commit 2917acc
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 13 deletions.
11 changes: 9 additions & 2 deletions docs/releasenotes/3.1.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,15 @@
Security
========

:cve:`2016-0775`: Fix buffer overflow
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2016-0740`: Fix buffer overflow in ``libImaging/TiffDecode.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buffer overflow in the ImagingLibTiffDecode function in
``libImaging/TiffDecode.c`` in Pillow before 3.1.1 allows remote attackers to
overwrite memory via a crafted TIFF file.

:cve:`2016-0775`: Fix buffer overflow in ``libImaging/FliDecode.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buffer overflow in the ImagingFliDecode function in ``libImaging/FliDecode.c``
in Pillow before 3.1.1 allows remote attackers to cause a denial of service
Expand Down
33 changes: 22 additions & 11 deletions docs/releasenotes/8.1.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -4,22 +4,33 @@
Security
========

:cve:`2021-25289`: The previous fix for :cve:`2020-35654` was insufficient
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2021-25289`: Fix the fix for :cve:`2020-35654`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.
The previous fix for :cve:`2020-35654` was insufficient due to incorrect
error checking in ``TiffDecode.c``.

:cve:`2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2021-25290`: Fix buffer overflow in ``TiffDecode.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

:cve:`2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.

:cve:`2021-25292`: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:cve:`2021-25291`: Fix buffer overflow in ``TIFFReadRGBATile``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

:cve:`2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds
read in ``TIFFReadRGBATile``.

:cve:`2021-25292`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The PDF parser has a catastrophic backtracking regex that could be used as a
DOS attack.

:cve:`2021-25293`: Fix buffer overflow in ``SgiRleDecode.c``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.

Other Changes
=============
Expand Down

0 comments on commit 2917acc

Please sign in to comment.