Update 3.1.1, 8.1.1 release notes for #7864

python-pillow · Mar 15, 2024 · 0ea144b · 0ea144b
1 parent ae5f1de
commit 0ea144b
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 13 deletions.
diff --git a/docs/releasenotes/3.1.1.rst b/docs/releasenotes/3.1.1.rst
@@ -4,8 +4,15 @@
 Security
 ========
 
-:cve:`2016-0775`: Fix buffer overflow
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2016-0740`: Fix buffer overflow in ``libImaging/TiffDecode.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Buffer overflow in the ImagingLibTiffDecode function in
+``libImaging/TiffDecode.c`` in Pillow before 3.1.1 allows remote attackers to
+overwrite memory via a crafted TIFF file.
+
+:cve:`2016-0775`: Fix buffer overflow in ``libImaging/FliDecode.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Buffer overflow in the ImagingFliDecode function in ``libImaging/FliDecode.c``
 in Pillow before 3.1.1 allows remote attackers to cause a denial of service

diff --git a/docs/releasenotes/8.1.1.rst b/docs/releasenotes/8.1.1.rst
@@ -4,22 +4,33 @@
 Security
 ========
 
-:cve:`2021-25289`: The previous fix for :cve:`2020-35654` was insufficient
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2021-25289`: Fix the fix for :cve:`2020-35654`
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.
+The previous fix for :cve:`2020-35654` was insufficient due to incorrect
+error checking in ``TiffDecode.c``.
 
-:cve:`2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2021-25290`: Fix buffer overflow in ``TiffDecode.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-:cve:`2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.
 
-:cve:`2021-25292`: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2021-25291`: Fix buffer overflow in ``TIFFReadRGBATile``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-:cve:`2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds
+read in ``TIFFReadRGBATile``.
+
+:cve:`2021-25292`: Fix DOS attack
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The PDF parser has a catastrophic backtracking regex that could be used as a
+DOS attack.
+
+:cve:`2021-25293`: Fix buffer overflow in ``SgiRleDecode.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
 
 Other Changes
 =============