Skip to content

Commit

Permalink
Release notes for 8.1.1
Browse files Browse the repository at this point in the history
  • Loading branch information
wiredfool authored and radarhere committed Mar 1, 2021
1 parent 521dab9 commit 973a4c3
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions docs/releasenotes/8.1.1.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
8.1.1
-----


Security
========

CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficent
due to incorrect error checking in TiffDecode.c.

CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy
with an invalid size

CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to
an OOB Read in TiffReadRGBATile

CVE-2021-25292: The PDF parser has a catastrophic backtracking regex
that could be used as a DOS attack.

CVE-2021-25293: There is an Out of Bounds Read in SGIRleDecode.c,
since pillow 4.3.0.

There is an Exhaustion of Memory DOS in the ICNS, ICO, and BLP
container formats where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrariliy
large memory allocations.


Other Changes
=============

A crash with the feature flags for LibJpeg and Webp on unreleased Python 3.10 has been fixed (https://github.com/python-pillow/Pillow/issues/5193)

0 comments on commit 973a4c3

Please sign in to comment.