From ad134c63fa7afff28b0e0e55f291919c02a34b28 Mon Sep 17 00:00:00 2001 From: Alex Clark Date: Thu, 14 Mar 2024 17:37:01 -0400 Subject: [PATCH] Combine CVEs --- docs/releasenotes/8.1.2.rst | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/docs/releasenotes/8.1.2.rst b/docs/releasenotes/8.1.2.rst index e043bc191..de6ba605e 100644 --- a/docs/releasenotes/8.1.2.rst +++ b/docs/releasenotes/8.1.2.rst 
@@ -4,24 +4,12 @@ Security ======== -:cve:`2021-27921`: There is an exhaustion of memory DOS in BLP images -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +:cve:`2021-27921`, :cve:`2021-27922`, :cve:`2021-27923`: Fix DOS attacks +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the -reported size of the contained image. These images could cause arbitrarily large memory -allocations. +There is an exhaustion of memory DOS attack in BLP, ICNS, ICO images +where Pillow did not properly check the reported size of the contained image. +These images could cause arbitrarily large memory allocations. -:cve:`2021-27922`: There is an exhaustion of memory DOS in ICNS images -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the -reported size of the contained image. These images could cause arbitrarily large memory allocations. - -:cve:`2021-27923`: There is an exhaustion of memory DOS in ICO images -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported -size of the contained image. These images could cause arbitrarily large memory allocations. - -These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and +These issues were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and Akshay Ajayan of `Arizona State University `_.
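Review bot: The combined heading and paragraph on the `+` lines lose the one-to-one mapping between CVE and image format that the three removed sections carried (2021-27921 for BLP, 2021-27922 for ICNS, 2021-27923 for ICO), so a reader triaging a single CVE can no longer tell which format it concerns. Consider keeping the mapping in the merged paragraph, for example "in BLP (:cve:`2021-27921`), ICNS (:cve:`2021-27922`) and ICO (:cve:`2021-27923`) images", which also fixes the "in BLP, ICNS, ICO images" list that is missing its "and". The new title "Fix DOS attacks" also drops the vulnerability class that the old titles stated; "Fix memory exhaustion DOS" would keep it without naming each format. The RST title underline must be at least as long as the new title text, so please confirm the `^` line still covers it after any rewording.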