From the release notes:
- CVE-2021-23437: Avoid a potential ReDoS (regular expression denial
of service) in ImageColor’s getrgb() by raising ValueError if the
color specifier is too long. Present since Pillow 5.2.0.
- Fix 6-byte out-of-bounds (OOB) read. The previous bounds check in
FliDecode.c incorrectly calculated the required read buffer size when
copying a chunk, potentially reading six extra bytes off the end of
the allocated buffer from the heap. Present since Pillow 7.1.0. This
bug was found by Google’s OSS-Fuzz CIFuzz runs.
- Pillow now includes binary wheels for Python 3.10.
- Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression
(#5588).
- Updates for ImagePalette channel order (#5599).
- Hide FriBiDi shim symbols to avoid conflict with real FriBiDi
library (#5651).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
