From a632b7a3e71a0122caa9be27fb0b1701ffb49e26 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Mon, 2 Jan 2023 00:25:49 +1100
Subject: [PATCH] Added release notes for #6842

---
 docs/releasenotes/9.4.0.rst | 34 +++++++---------------------------
 1 file changed, 7 insertions(+), 27 deletions(-)

diff --git a/docs/releasenotes/9.4.0.rst b/docs/releasenotes/9.4.0.rst
index 2b111d5e429..a0d26dc524c 100644
--- a/docs/releasenotes/9.4.0.rst
+++ b/docs/releasenotes/9.4.0.rst
@@ -1,30 +1,6 @@
 9.4.0
 -----
 
-Backwards Incompatible Changes
-==============================
-
-TODO
-^^^^
-
-TODO
-
-Deprecations
-============
-
-TODO
-^^^^
-
-TODO
-
-API Changes
-===========
-
-TODO
-^^^^
-
-TODO
-
 API Additions
 =============
 
@@ -96,10 +72,14 @@ When saving a JPEG image, a comment can now be written from
 Security
 ========
 
-TODO
-^^^^
+Fix memory DOS in ImageFont
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
+A corrupt or specially crafted TTF font could have font metrics that lead to
+unreasonably large sizes when rendering text in font. ``ImageFont.py`` did not
+check the image size before allocating memory for it. This dates to the PIL
+fork. Pilllow 8.2.0 added a check for large sizes, but did not consider the
+case where one dimension was zero.
 
 Other Changes
 =============