Combine CVEs

2025-01-12 18:26:17 +03:00 · 2024-03-14 17:37:01 -04:00 · 2024-03-14 17:37:01 -04:00 · ad134c63fa
commit ad134c63fa
parent 15deb71c3a
1 changed files with 6 additions and 18 deletions
--- a/docs/releasenotes/8.1.2.rst
+++ b/docs/releasenotes/8.1.2.rst
@ -4,24 +4,12 @@
 Security
 ========

-:cve:`2021-27921`: There is an exhaustion of memory DOS in BLP images
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+:cve:`2021-27921`, :cve:`2021-27922`, :cve:`2021-27923`: Fix DOS attacks
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the
-reported size of the contained image. These images could cause arbitrarily large memory
-allocations.
+There is an exhaustion of memory DOS attack in BLP, ICNS, ICO images
+where Pillow did not properly check the reported size of the contained image.
+These images could cause arbitrarily large memory allocations.

-:cve:`2021-27922`: There is an exhaustion of memory DOS in ICNS images
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the
-reported size of the contained image. These images could cause arbitrarily large memory allocations.
-
-:cve:`2021-27923`: There is an exhaustion of memory DOS in ICO images
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported
-size of the contained image. These images could cause arbitrarily large memory allocations.
-
-These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
+These issues were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
 Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.