On 9/9/21 2:56 PM, zangrc wrote:
8.3.2 (2021-09-02)
--
- CVE-2021-23437 Raise ValueError if color specifier is too long
[hugovk, radarhere]
- Fix 6-byte OOB read in FliDecode
[wiredfool]
- Add support for Python 3.10 #5569, #5570
[hugovk, radarhere]
- Ensure TIFF ``Rows
8.3.2 (2021-09-02)
--
- CVE-2021-23437 Raise ValueError if color specifier is too long
[hugovk, radarhere]
- Fix 6-byte OOB read in FliDecode
[wiredfool]
- Add support for Python 3.10 #5569, #5570
[hugovk, radarhere]
- Ensure TIFF ``RowsPerStrip`` is multiple of 8 for JPEG com
>From the release notes:
- CVE-2021-23437: Avoid a potential ReDoS (regular expression denial
of service) in ImageColor’s getrgb() by raising ValueError if the
color specifier is too long. Present since Pillow 5.2.0.
- Fix 6-byte out-of-bounds (OOB) read. The previous bounds check in
FliDecode.c i