diff --git a/docs/releasenotes/2.3.1.rst b/docs/releasenotes/2.3.1.rst index 6446ebccbff..d8c41d3ed36 100644 --- a/docs/releasenotes/2.3.1.rst +++ b/docs/releasenotes/2.3.1.rst @@ -11,10 +11,10 @@ These issues reported in ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function -in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) _copy -function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and -Pillow before 2.3.1 do not properly create temporary files, which allow local -users to overwrite arbitrary files and obtain sensitive information via a +in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) +``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier +and Pillow before 2.3.1 do not properly create temporary files, which allow +local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. :cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp` diff --git a/docs/releasenotes/4.2.0.rst b/docs/releasenotes/4.2.0.rst index aade307d355..2590c2610f1 100644 --- a/docs/releasenotes/4.2.0.rst +++ b/docs/releasenotes/4.2.0.rst @@ -1,6 +1,29 @@ 4.2.0 ----- +Deprecations +============ + +Several deprecated items have been removed +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The methods ``PIL.ImageWin.Dib.fromstring``, + ``PIL.ImageWin.Dib.tostring`` and + ``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have + been removed. + +* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would + discard the alpha channel. From Pillow 3.4.0, a deprecation warning + was shown. From Pillow 4.2.0, the deprecation warning is removed and + an :py:exc:`IOError` is raised. + +Removed Core Image Function +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The unused function ``Image.core.new_array`` was removed. This is an +internal function that should not have been used by user code, but it +was accessible from the python layer. + Other Changes ============= @@ -30,26 +53,3 @@ New DecompressionBomb Warning :py:meth:`PIL.Image.Image.crop` now may raise a DecompressionBomb warning if the crop region enlarges the image over the threshold specified by :py:data:`PIL.Image.MAX_IMAGE_PIXELS`. - -Deprections -=========== - -Several deprecated items have been removed -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The methods ``PIL.ImageWin.Dib.fromstring``, - ``PIL.ImageWin.Dib.tostring`` and - ``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have - been removed. - -* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would - discard the alpha channel. From Pillow 3.4.0, a deprecation warning - was shown. From Pillow 4.2.0, the deprecation warning is removed and - an :py:exc:`IOError` is raised. - -Removed Core Image Function -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The unused function ``Image.core.new_array`` was removed. This is an -internal function that should not have been used by user code, but it -was accessible from the python layer. diff --git a/docs/releasenotes/6.2.2.rst b/docs/releasenotes/6.2.2.rst index 44bb0ffe34d..f223b8f5a08 100644 --- a/docs/releasenotes/6.2.2.rst +++ b/docs/releasenotes/6.2.2.rst @@ -4,7 +4,7 @@ Security ======== -This release fixes several buffer overruns and DOS attacks. +This release fixes several buffer overflow issues and a DOS attack vulnerability. :cve:`2019-19911`: DOS attack vulnerability ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/releasenotes/8.3.0.rst b/docs/releasenotes/8.3.0.rst index 3ef9bb9b334..9f46cc1e9e9 100644 --- a/docs/releasenotes/8.3.0.rst +++ b/docs/releasenotes/8.3.0.rst @@ -4,11 +4,11 @@ Security ======== -:cve:`2021-34552`: Buffer overflow -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:cve:`2021-34552`: Fix buffer overflow +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger -buffer overflow in Convert.c. +PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert +function to trigger buffer overflow in ``Convert.c``. Parsing XML ^^^^^^^^^^^