From 0b2c90daef058c15e8eb2fc6098895bbf5da84dd Mon Sep 17 00:00:00 2001 From: Alex Clark Date: Wed, 13 Mar 2024 15:50:58 -0400 Subject: [PATCH] Fix based on 29a361d60ead196695523212dbb08a3ec4ca4b0d --- docs/releasenotes/10.2.0.rst | 2 +- docs/releasenotes/3.1.1.rst | 6 +++--- docs/releasenotes/3.1.2.rst | 2 +- docs/releasenotes/6.2.2.rst | 2 +- docs/releasenotes/8.0.1.rst | 2 +- docs/releasenotes/8.1.0.rst | 6 +++--- docs/releasenotes/8.2.0.rst | 2 +- docs/releasenotes/8.3.0.rst | 2 +- docs/releasenotes/8.3.2.rst | 2 +- docs/releasenotes/9.0.0.rst | 2 +- docs/releasenotes/9.0.1.rst | 4 ++-- docs/releasenotes/9.1.1.rst | 2 +- 12 files changed, 17 insertions(+), 17 deletions(-) diff --git a/docs/releasenotes/10.2.0.rst b/docs/releasenotes/10.2.0.rst index bec558ec9a1..63cbe8806cd 100644 --- a/docs/releasenotes/10.2.0.rst +++ b/docs/releasenotes/10.2.0.rst @@ -31,7 +31,7 @@ Fix CVE-2023-50447 .. note:: More information about this vulnerability included in database record :cve:`2023-50447` ImageMath.eval: Restricted environment keys -+++++++++++++++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If an attacker has control over the keys passed to the ``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute diff --git a/docs/releasenotes/3.1.1.rst b/docs/releasenotes/3.1.1.rst index d02f68aa350..7f66ac344b9 100644 --- a/docs/releasenotes/3.1.1.rst +++ b/docs/releasenotes/3.1.1.rst @@ -10,7 +10,7 @@ Fix CVE-2016-0740 .. note:: More information about this vulnerability included in database record :cve:`2016-0740` Buffer overflow in TiffDecode.c -+++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64 may overflow a buffer when reading a @@ -33,7 +33,7 @@ Fix CVE-2016-0775 .. note:: More information about this vulnerability included in database record :cve:`2016-0775` Buffer overflow in FliDecode.c -++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. @@ -67,7 +67,7 @@ Fix CVE-2016-2533 .. note:: More information about this vulnerability available in :cve:`2016-2533` Buffer overflow in PcdDecode.c -++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error. diff --git a/docs/releasenotes/3.1.2.rst b/docs/releasenotes/3.1.2.rst index 289430a714d..1a46d8e639b 100644 --- a/docs/releasenotes/3.1.2.rst +++ b/docs/releasenotes/3.1.2.rst @@ -10,7 +10,7 @@ Fix CVE-2016-3076 .. note:: More information about this vulnerability included in database record :cve:`2016-3076` Buffer overflow in Jpeg2KEncode.c -+++++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pillow between 2.5.0 and 3.1.1 may overflow a buffer when writing large Jpeg2000 files, allowing for code execution or other diff --git a/docs/releasenotes/6.2.2.rst b/docs/releasenotes/6.2.2.rst index 34d8d97bacb..648d1d66d74 100644 --- a/docs/releasenotes/6.2.2.rst +++ b/docs/releasenotes/6.2.2.rst @@ -12,7 +12,7 @@ Fix CVE-2019-19911 .. note:: More information about this vulnerability included in database record :cve:`2019-19911` DOS attack vulnerability -++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~ If an FPX image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by diff --git a/docs/releasenotes/8.0.1.rst b/docs/releasenotes/8.0.1.rst index c3909ac863f..a492241d7f9 100644 --- a/docs/releasenotes/8.0.1.rst +++ b/docs/releasenotes/8.0.1.rst @@ -10,7 +10,7 @@ Fix CVE-2020-15999 .. note:: More information about this vulnerability included in database record :cve:`2020-15999` Update FreeType in wheels to `2.10.4`_ -++++++++++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6. diff --git a/docs/releasenotes/8.1.0.rst b/docs/releasenotes/8.1.0.rst index b5425946778..909954a37ee 100644 --- a/docs/releasenotes/8.1.0.rst +++ b/docs/releasenotes/8.1.0.rst @@ -15,7 +15,7 @@ Fix CVE-2020-35653 .. note:: More information about this vulnerability included in database record :cve:`2020-35653` Buffer read overrun in PCX decoding -+++++++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The PCX image decoder used the reported image stride to calculate the row buffer, rather than calculating it from the image size. This issue dates back @@ -27,7 +27,7 @@ Fix CVE-2020-35654 .. note:: More information about this vulnerability included in database record :cve:`2020-35654` TIFF out-of-bounds write error -++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). @@ -42,7 +42,7 @@ Fix CVE-2020-35655 .. note:: More information about this vulnerability included in database record :cve:`2020-35655` SGI Decode buffer overrun -+++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~ 4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's diff --git a/docs/releasenotes/8.2.0.rst b/docs/releasenotes/8.2.0.rst index d60be7c018a..adbabce3a45 100644 --- a/docs/releasenotes/8.2.0.rst +++ b/docs/releasenotes/8.2.0.rst @@ -13,7 +13,7 @@ Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675 :cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675` OOB read in Jpeg2KDecode -++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~ * For J2k images with multiple bands, it's legal to have different widths for each band, e.g. 1 byte for ``L``, 4 bytes for ``A``. diff --git a/docs/releasenotes/8.3.0.rst b/docs/releasenotes/8.3.0.rst index e18dc48b23c..94ad37bb1b9 100644 --- a/docs/releasenotes/8.3.0.rst +++ b/docs/releasenotes/8.3.0.rst @@ -13,7 +13,7 @@ Fix CVE-2021-34552 .. note:: More information about this vulnerability included in database record :cve:`2021-34552` Buffer overflow -+++++++++++++++ +~~~~~~~~~~~~~~~ PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger buffer overflow in Convert.c. diff --git a/docs/releasenotes/8.3.2.rst b/docs/releasenotes/8.3.2.rst index 6e393b94d99..6796365641c 100644 --- a/docs/releasenotes/8.3.2.rst +++ b/docs/releasenotes/8.3.2.rst @@ -10,7 +10,7 @@ Fix CVE-2021-23437 .. note:: More information about this vulnerability included in database record :cve:`2021-23437` Avoid potential ReDoS (regular expression denial of service) -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s :py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is diff --git a/docs/releasenotes/9.0.0.rst b/docs/releasenotes/9.0.0.rst index 130db9ebf66..534209117a5 100644 --- a/docs/releasenotes/9.0.0.rst +++ b/docs/releasenotes/9.0.0.rst @@ -49,7 +49,7 @@ Fix CVE-2022-22817 .. note:: More information about this vulnerability included in database record :cve:`2022-22817` Restrict builtins available to ImageMath.eval -+++++++++++++++++++++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To limit :py:class:`PIL.ImageMath` to working with images, Pillow will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will diff --git a/docs/releasenotes/9.0.1.rst b/docs/releasenotes/9.0.1.rst index 9501e1eabf0..ab6c6cbdde3 100644 --- a/docs/releasenotes/9.0.1.rst +++ b/docs/releasenotes/9.0.1.rst @@ -12,7 +12,7 @@ Fix CVE-2022-24303 .. note:: More information about this vulnerability included in database record :cve:`2022-24303` Temp image removal -++++++++++++++++++ +~~~~~~~~~~~~~~~~~~ If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after @@ -25,7 +25,7 @@ Fix CVE-2022-24303 .. note:: More information about this vulnerability included in database record :cve:`2022-22817` Restrict lambda expressions -+++++++++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~~~~~~~~ While Pillow 9.0 restricted top-level builtins available to :py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda diff --git a/docs/releasenotes/9.1.1.rst b/docs/releasenotes/9.1.1.rst index 3dd070d904a..f8f1a802ba0 100644 --- a/docs/releasenotes/9.1.1.rst +++ b/docs/releasenotes/9.1.1.rst @@ -12,7 +12,7 @@ Fix CVE-2022-30595 .. note:: More information about this vulnerability included in database record :cve:`2022-30595` Heap buffer overflow -++++++++++++++++++++ +~~~~~~~~~~~~~~~~~~~~ When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that