From 8450366be331762ae327036e3c6658c517b05638 Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade Date: Thu, 2 Sep 2021 15:04:28 +0300 Subject: [PATCH] Update release notes --- docs/releasenotes/2.7.0.rst | 2 +- docs/releasenotes/8.3.2.rst | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/docs/releasenotes/2.7.0.rst b/docs/releasenotes/2.7.0.rst index 03000528f88..660d331640c 100644 --- a/docs/releasenotes/2.7.0.rst +++ b/docs/releasenotes/2.7.0.rst @@ -14,7 +14,7 @@ Png text chunk size limits To prevent potential denial of service attacks using compressed text chunks, there are now limits to the decompressed size of text chunks decoded from PNG images. If the limits are exceeded when opening a PNG -image a ``ValueError`` will be raised. +image a :py:exc:`ValueError` will be raised. Individual text chunks are limited to :py:attr:`PIL.PngImagePlugin.MAX_TEXT_CHUNK`, set to 1MB by diff --git a/docs/releasenotes/8.3.2.rst b/docs/releasenotes/8.3.2.rst index 0a795957e68..6b5c759fc0a 100644 --- a/docs/releasenotes/8.3.2.rst +++ b/docs/releasenotes/8.3.2.rst @@ -1,6 +1,18 @@ 8.3.2 ----- +Security +======== + +* :cve:`CVE-2021-23437`: Avoid a potential ReDoS (regular expression denial of service) + in :py:class:`~PIL.ImageColor`'s :py:meth:`~PIL.ImageColor.getrgb` by raising + :py:exc:`ValueError` if the color specifier is too long. Present since Pillow 5.2.0. + +* Fix 6-byte out-of-bounds (OOB) read. The previous bounds check in ``FliDecode.c`` + incorrectly calculated the required read buffer size when copying a chunk, potentially + reading six extra bytes off the end of the allocated buffer from the heap. Present + since Pillow 7.1.0. This bug was found by Google's `OSS-Fuzz`_ `CIFuzz`_ runs. + Other Changes ============= 
@@ -24,4 +36,6 @@ Fixed regressions * Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library (:pr:`5651`). +.. _OSS-Fuzz: https://github.com/google/oss-fuzz +.. _CIFuzz: https://google.github.io/oss-fuzz/getting-started/continuous-integration/ .. _no ABI changes: https://www.python.org/downloads/release/python-3100rc1/
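Review bot: On the 2.7.0.rst hunk, swapping ``ValueError`` for :py:exc:`ValueError` matches the cross-reference style already used a few lines down (:py:attr:`PIL.PngImagePlugin.MAX_TEXT_CHUNK`), but the role only becomes a link if the docs build has an intersphinx mapping to the Python documentation; without it the role renders as unlinked literal text and, under nitpicky builds, as a warning. Worth confirming the mapping is present in conf.py before merging, since this is the only change in that file.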
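Review bot: The two new Security entries in 8.3.2.rst carry no :pr: references, while the entries further down in the same file do ("(:pr:`5651`)"), so a reader cannot get from the note to the fixing change; add the PR links in the same form for both the :py:meth:`~PIL.ImageColor.getrgb` ReDoS fix and the ``FliDecode.c`` out-of-bounds read fix. Two smaller points in the same hunk: the ReDoS entry says :py:exc:`ValueError` is raised "if the color specifier is too long" without stating the new limit, which is exactly what a user whose long-but-legitimate colour strings start failing will want to know, so either state the limit or link to where it is defined; and the OOB read entry has no CVE identifier next to the CVE-2021-23437 entry, so if one was not assigned, a short "no CVE assigned" would stop readers assuming it was omitted by mistake.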
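Review bot: The two link targets added in the second 8.3.2.rst hunk match the `OSS-Fuzz`_ and `CIFuzz`_ references used in the Security section, and placing them beside the existing ``.. _no ABI changes:`` target keeps all targets for the file in one place. One check before merging: because a name mismatch between a reference and its target only surfaces at build time as an "Unknown target name" error, run a docs build with warnings treated as errors once so that any typo in either name is caught in this PR rather than on the release branch.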