File tree 2 files changed +6
-3
lines changed
2 files changed +6
-3
lines changed Original file line number Diff line number Diff line change @@ -5,10 +5,13 @@ Changelog (Pillow)
559.0.0 (unreleased)
66------------------
77
8+ - Restrict builtins for ImageMath.eval(). CVE TBD #5923
9+ [radarhere]
10+
811- Ensure JpegImagePlugin stops at the end of a truncated file #5921
912 [radarhere]
1013
11- - Fixed ImagePath.Path array handling #5920
14+ - Fixed ImagePath.Path array handling. CVEs TBD #5920
1215 [radarhere]
1316
1417- Remove consecutive duplicate tiles that only differ by their offset #5919
Original file line number Diff line number Diff line change @@ -122,12 +122,12 @@ Restrict builtins available to ImageMath.eval
122122To limit :py:class: `PIL.ImageMath ` to working with images, Pillow will now restrict the
123123builtins available to :py:meth: `PIL.ImageMath.eval `. This will help prevent problems
124124arising if users evaluate arbitrary expressions, such as
125- ``ImageMath.eval("exec(exit())") ``.
125+ ``ImageMath.eval("exec(exit())") ``. CVE TBD
126126
127127Fixed ImagePath.Path array handling
128128^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
129129
130- CWE-126 and CWE-665 were found when initializing ``ImagePath.Path ``.
130+ CWE-126 and CWE-665 were found when initializing ``ImagePath.Path ``. CVEs TBD
131131
132132.. _OSS-Fuzz : https://github.com/google/oss-fuzz
133133
You can’t perform that action at this time.
0 commit comments