renovate[bot]
commented
3 years ago Renovate Ignore Notification
As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 7.x releases. However, if you upgrade to 7.x manually then Renovate will then reenable updates for minor and patch updates automatically.
If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.
This PR contains the following updates:
==6.2.1->==7.1.0GitHub Vulnerability Alerts
CVE-2020-5313
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVE-2019-19911
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVE-2020-10994
In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multiple out-of-bounds reads via a crafted JP2 file.
CVE-2020-10379
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVE-2020-10177
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c.
CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Release Notes
python-pillow/Pillow
### [`v7.1.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#710-2020-04-01) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/7.0.0...7.1.0) - Fix multiple OOB reads in FLI decoding [#4503](https://togithub.com/python-pillow/Pillow/issues/4503) [wiredfool] - Fix buffer overflow in SGI-RLE decoding [#4504](https://togithub.com/python-pillow/Pillow/issues/4504) [wiredfool, hugovk] - Fix bounds overflow in JPEG 2000 decoding [#4505](https://togithub.com/python-pillow/Pillow/issues/4505) [wiredfool] - Fix bounds overflow in PCX decoding [#4506](https://togithub.com/python-pillow/Pillow/issues/4506) [wiredfool] - Fix 2 buffer overflows in TIFF decoding [#4507](https://togithub.com/python-pillow/Pillow/issues/4507) [wiredfool] - Add APNG support [#4243](https://togithub.com/python-pillow/Pillow/issues/4243) [pmrowla, radarhere, hugovk] - ImageGrab.grab() for Linux with XCB [#4260](https://togithub.com/python-pillow/Pillow/issues/4260) [nulano, radarhere] - Added three new channel operations [#4230](https://togithub.com/python-pillow/Pillow/issues/4230) [dwastberg, radarhere] - Prevent masking of Image reduce method in Jpeg2KImagePlugin [#4474](https://togithub.com/python-pillow/Pillow/issues/4474) [radarhere, homm] - Added reading of earlier ImageMagick PNG EXIF data [#4471](https://togithub.com/python-pillow/Pillow/issues/4471) [radarhere] - Fixed endian handling for I;16 getextrema [#4457](https://togithub.com/python-pillow/Pillow/issues/4457) [radarhere] - Release buffer if function returns prematurely [#4381](https://togithub.com/python-pillow/Pillow/issues/4381) [radarhere] - Add JPEG comment to info dictionary [#4455](https://togithub.com/python-pillow/Pillow/issues/4455) [radarhere] - Fix size calculation of Image.thumbnail() [#4404](https://togithub.com/python-pillow/Pillow/issues/4404) [orlnub123] - Fixed stroke on FreeType < 2.9 [#4401](https://togithub.com/python-pillow/Pillow/issues/4401) [radarhere] - If present, only use alpha channel for bounding box [#4454](https://togithub.com/python-pillow/Pillow/issues/4454) [radarhere] - Warn if an unknown feature is passed to features.check() [#4438](https://togithub.com/python-pillow/Pillow/issues/4438) [jdufresne] - Fix Name field length when saving IM images [#4424](https://togithub.com/python-pillow/Pillow/issues/4424) [hugovk, radarhere] - Allow saving of zero quality JPEG images [#4440](https://togithub.com/python-pillow/Pillow/issues/4440) [radarhere] - Allow explicit zero width to hide outline [#4334](https://togithub.com/python-pillow/Pillow/issues/4334) [radarhere] - Change ContainerIO return type to match file object mode [#4297](https://togithub.com/python-pillow/Pillow/issues/4297) [jdufresne, radarhere] - Only draw each polygon pixel once [#4333](https://togithub.com/python-pillow/Pillow/issues/4333) [radarhere] - Add support for shooting situation Exif IFD tags [#4398](https://togithub.com/python-pillow/Pillow/issues/4398) [alexagv] - Handle multiple and malformed JPEG APP13 markers [#4370](https://togithub.com/python-pillow/Pillow/issues/4370) [homm] - Depends: Update libwebp to 1.1.0 [#4342](https://togithub.com/python-pillow/Pillow/issues/4342), libjpeg to 9d [#4352](https://togithub.com/python-pillow/Pillow/issues/4352) [radarhere] ### [`v7.0.0`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#700-2020-01-02) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/6.2.2...7.0.0) - Drop support for EOL Python 2.7 [#4109](https://togithub.com/python-pillow/Pillow/issues/4109) [hugovk, radarhere, jdufresne] - Fix rounding error on RGB to L conversion [#4320](https://togithub.com/python-pillow/Pillow/issues/4320) [homm] - Exif writing fixes: Rational boundaries and signed/unsigned types [#3980](https://togithub.com/python-pillow/Pillow/issues/3980) [kkopachev, radarhere] - Allow loading of WMF images at a given DPI [#4311](https://togithub.com/python-pillow/Pillow/issues/4311) [radarhere] - Added reduce operation [#4251](https://togithub.com/python-pillow/Pillow/issues/4251) [homm] - Raise ValueError for io.StringIO in Image.open [#4302](https://togithub.com/python-pillow/Pillow/issues/4302) [radarhere, hugovk] - Fix thumbnail geometry when DCT scaling is used [#4231](https://togithub.com/python-pillow/Pillow/issues/4231) [homm, radarhere] - Use default DPI when exif provides invalid x_resolution [#4147](https://togithub.com/python-pillow/Pillow/issues/4147) [beipang2, radarhere] - Change default resize resampling filter from NEAREST to BICUBIC [#4255](https://togithub.com/python-pillow/Pillow/issues/4255) [homm] - Fixed black lines on upscaled images with the BOX filter [#4278](https://togithub.com/python-pillow/Pillow/issues/4278) [homm] - Better thumbnail aspect ratio preservation [#4256](https://togithub.com/python-pillow/Pillow/issues/4256) [homm] - Add La mode packing and unpacking [#4248](https://togithub.com/python-pillow/Pillow/issues/4248) [homm] - Include tests in coverage reports [#4173](https://togithub.com/python-pillow/Pillow/issues/4173) [hugovk] - Handle broken Photoshop data [#4239](https://togithub.com/python-pillow/Pillow/issues/4239) [radarhere] - Raise a specific exception if no data is found for an MPO frame [#4240](https://togithub.com/python-pillow/Pillow/issues/4240) [radarhere] - Fix Unicode support for PyPy [#4145](https://togithub.com/python-pillow/Pillow/issues/4145) [nulano] - Added UnidentifiedImageError [#4182](https://togithub.com/python-pillow/Pillow/issues/4182) [radarhere, hugovk] - Remove deprecated **version** from plugins [#4197](https://togithub.com/python-pillow/Pillow/issues/4197) [hugovk, radarhere] - Fixed freeing unallocated pointer when resizing with height too large [#4116](https://togithub.com/python-pillow/Pillow/issues/4116) [radarhere] - Copy info in Image.transform [#4128](https://togithub.com/python-pillow/Pillow/issues/4128) [radarhere] - Corrected DdsImagePlugin setting info gamma [#4171](https://togithub.com/python-pillow/Pillow/issues/4171) [radarhere] - Depends: Update libtiff to 4.1.0 [#4195](https://togithub.com/python-pillow/Pillow/issues/4195), Tk Tcl to 8.6.10 [#4229](https://togithub.com/python-pillow/Pillow/issues/4229), libimagequant to 2.12.6 [#4318](https://togithub.com/python-pillow/Pillow/issues/4318) [radarhere] - Improve handling of file resources [#3577](https://togithub.com/python-pillow/Pillow/issues/3577) [jdufresne] - Removed CI testing of Fedora 29 [#4165](https://togithub.com/python-pillow/Pillow/issues/4165) [hugovk] - Added pypy3 to tox envlist [#4137](https://togithub.com/python-pillow/Pillow/issues/4137) [jdufresne] - Drop support for EOL PyQt4 and PySide [#4108](https://togithub.com/python-pillow/Pillow/issues/4108) [hugovk, radarhere] - Removed deprecated setting of TIFF image sizes [#4114](https://togithub.com/python-pillow/Pillow/issues/4114) [radarhere] - Removed deprecated PILLOW_VERSION [#4107](https://togithub.com/python-pillow/Pillow/issues/4107) [hugovk] - Changed default frombuffer raw decoder args [#1730](https://togithub.com/python-pillow/Pillow/issues/1730) [radarhere] ### [`v6.2.2`](https://togithub.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/6.2.1...6.2.2) - This is the last Pillow release to support Python 2.7 [#3642](https://togithub.com/python-pillow/Pillow/issues/3642) - Overflow checks for realloc for tiff decoding. CVE-2020-5310 [wiredfool, radarhere] - Catch SGI buffer overrun. CVE-2020-5311 [radarhere] - Catch PCX P mode buffer overrun. CVE-2020-5312 [radarhere] - Catch FLI buffer overrun. CVE-2020-5313 [radarhere] - Raise an error for an invalid number of bands in FPX image. CVE-2019-19911 [wiredfool, radarhere]Renovate configuration
:date: Schedule: "" in timezone Europe/Berlin.
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.