Update release notes to match template for #7864

docs/releasenotes/2.3.1.rst

@@ -11,10 +11,10 @@ These issues reported in
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The (1) load_djpeg function in ``JpegImagePlugin.py``, (2) Ghostscript function
-in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4) _copy
+in EpsImagePlugin.py, (3) load function in ``IptcImagePlugin.py``, and (4)
-function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and
+``_copy`` function in Image.py in Python Image Library (PIL) 1.1.7 and earlier
-Pillow before 2.3.1 do not properly create temporary files, which allow local
+and Pillow before 2.3.1 do not properly create temporary files, which allow
-users to overwrite arbitrary files and obtain sensitive information via a
+local users to overwrite arbitrary files and obtain sensitive information via a
 symlink attack on the temporary file.
 
 :cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`

docs/releasenotes/4.2.0.rst

@@ -1,6 +1,29 @@
 4.2.0
 -----
 
+Deprecations
+============
+
+Several deprecated items have been removed
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* The methods ``PIL.ImageWin.Dib.fromstring``,
+  ``PIL.ImageWin.Dib.tostring`` and
+  ``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have
+  been removed.
+
+* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would
+  discard the alpha channel. From Pillow 3.4.0, a deprecation warning
+  was shown. From Pillow 4.2.0, the deprecation warning is removed and
+  an :py:exc:`IOError` is raised.
+
+Removed Core Image Function
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The unused function ``Image.core.new_array`` was removed. This is an
+internal function that should not have been used by user code, but it
+was accessible from the python layer.
+
 Other Changes
 =============
 
@@ -30,26 +53,3 @@ New DecompressionBomb Warning
 :py:meth:`PIL.Image.Image.crop` now may raise a DecompressionBomb
 warning if the crop region enlarges the image over the threshold
 specified by :py:data:`PIL.Image.MAX_IMAGE_PIXELS`.
-
-Deprections
-===========
-
-Several deprecated items have been removed
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-* The methods ``PIL.ImageWin.Dib.fromstring``,
-  ``PIL.ImageWin.Dib.tostring`` and
-  ``PIL.TiffImagePlugin.ImageFileDirectory_v2.as_dict`` have
-  been removed.
-
-* Before Pillow 4.2.0, attempting to save an RGBA image as JPEG would
-  discard the alpha channel. From Pillow 3.4.0, a deprecation warning
-  was shown. From Pillow 4.2.0, the deprecation warning is removed and
-  an :py:exc:`IOError` is raised.
-
-Removed Core Image Function
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The unused function ``Image.core.new_array`` was removed. This is an
-internal function that should not have been used by user code, but it
-was accessible from the python layer.

docs/releasenotes/6.2.2.rst

@@ -4,7 +4,7 @@
 Security
 ========
 
-This release fixes several buffer overruns and DOS attacks.
+This release fixes several buffer overflow issues and a DOS attack vulnerability.
 
 :cve:`2019-19911`: DOS attack vulnerability
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

docs/releasenotes/8.3.0.rst

@@ -4,11 +4,11 @@
 Security
 ========
 
-:cve:`2021-34552`: Buffer overflow
+:cve:`2021-34552`: Fix buffer overflow
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
+PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert
-buffer overflow in Convert.c.
+function to trigger buffer overflow in ``Convert.c``.
 
 Parsing XML
 ^^^^^^^^^^^