)]}'
{
  "commit": "cb227cd2c919b27c6206fe0c1041a8bcc677949d",
  "tree": "80708a70ece47550e0848a21267d7657037dc65c",
  "parents": [
    "a5392f068b20c5126e356d1987f3eb74fffe1af2"
  ],
  "author": {
    "name": "Damien Neil",
    "email": "dneil@google.com",
    "time": "Fri Jul 07 11:28:45 2023 -0700"
  },
  "committer": {
    "name": "Gopher Robot",
    "email": "gobot@golang.org",
    "time": "Tue Aug 01 17:46:51 2023 +0000"
  },
  "message": "tiff: limit work when decoding malicious images\n\nFix two paths by which a malicious image could cause unreasonable\namounts of CPU consumption while decoding.\n\nAvoid iterating over every horizontal pixel when decoding\na 0-height tiled image.\n\nLimit the amount of data that will be decompressed per tile.\n\nThanks to Philippe Antoine (Catena cyber) for reporting this issue.\n\nFixes CVE-2023-29407\nFixes CVE-2023-29408\nFixes golang/go#61581\nFixes golang/go#61582\n\nChange-Id: I8cbb26fa06843c6fe9fa99810cb1315431fa7d1d\nReviewed-on: https://go-review.googlesource.com/c/image/+/514897\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nTryBot-Result: Gopher Robot \u003cgobot@golang.org\u003e\nAuto-Submit: Damien Neil \u003cdneil@google.com\u003e\nRun-TryBot: Damien Neil \u003cdneil@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "45cc056f41c6d65aa20c0096d66b2df7cd3b04c8",
      "old_mode": 33188,
      "old_path": "tiff/reader.go",
      "new_id": "f31569b6dac1fab2fe1008a97be04b355a2f474a",
      "new_mode": 33188,
      "new_path": "tiff/reader.go"
    },
    {
      "type": "modify",
      "old_id": "f91fd94f9558702d038f354f32236ab80e50ad9b",
      "old_mode": 33188,
      "old_path": "tiff/reader_test.go",
      "new_id": "4777fd20f2bb6e91dd60ab35b0082c5bf25710fb",
      "new_mode": 33188,
      "new_path": "tiff/reader_test.go"
    }
  ]
}