From 5a35a1d0d432a38cc035a74de7c605753423309e Mon Sep 17 00:00:00 2001 From: Frederick Price Date: Mon, 13 Mar 2023 17:15:31 -0400 Subject: [PATCH] Update changelogs with fixes that were already in, BE-584, BE-151, BE-152 --- CHANGES.rst | 8 ++++++-- docs/releasenotes/6.2.2.4.rst | 7 ++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index cdd209940..18fbc2469 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -12,7 +12,11 @@ Changelog (Pillow) since Pillow 4.3.0. [rickprice] -- Fix CVE-2021-27291 +- Fix CVE-2021-27921 + [rickprice] +- Fix CVE-2021-27922 + [rickprice] +- Fix CVE-2021-27923 [rickprice] - Fix CVE-2021-25290 @@ -40,7 +44,7 @@ since Pillow 4.3.0. - Use snprintf instead of sprintf. CVE-2021-34552 [wooken] - + 6.2.2.1 (2021-10-08) ------------------ diff --git a/docs/releasenotes/6.2.2.4.rst b/docs/releasenotes/6.2.2.4.rst index 45a389be3..ae12f46f0 100644 --- a/docs/releasenotes/6.2.2.4.rst +++ b/docs/releasenotes/6.2.2.4.rst 
@@ -11,6 +11,11 @@ since Pillow 4.3.0. :cve: `CVE-2021-25291`: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. -:cve: `CVE-2021-2791` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. +:cve: `CVE-2021-27921` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. + +:cve: `CVE-2021-27922` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. + +:cve: `CVE-2021-27923` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. + :cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c
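Review bot: in the first CHANGES.rst hunk (@@ -12,7 +12,11 @@) the three new entries are bare identifiers with no description, unlike the neighbouring `Use snprintf instead of sprintf. CVE-2021-34552` entry; since the commit message says these fixes were already merged, please add a one-line summary of each fix (what was checked or bounded) so readers of the changelog do not have to cross-reference the release notes. The removed `CVE-2021-27291` does not reappear among the added lines, so the message should also say plainly that it was a mistyped identifier rather than a dropped fix.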
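Review bot: the second CHANGES.rst hunk (@@ -40,7 +44,7 @@) is a whitespace-only change, a line of trailing spaces replaced by an empty line, which is not mentioned in the commit message; it is fine to keep as a tidy-up, but either note it in the message or split it out so the diff stays limited to the changelog corrections. While there, the `------------------` underline in the trailing context appears shorter than the `6.2.2.1 (2021-10-08)` title above it, which docutils reports as a title-underline warning.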
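Review bot: in the docs/releasenotes/6.2.2.4.rst hunk, the added `CVE-2021-27921`, `CVE-2021-27922` and `CVE-2021-27923` entries carry word-for-word identical descriptions, all naming a BLP container; three distinct CVE identifiers should not describe exactly the same defect, so verify each against its advisory and differentiate the text (which decoder, which reported size is now checked) so users can tell which entry covers which fix. Replacing the malformed `CVE-2021-2791` with the full identifier is correct.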