Merge pull request #10 from ActiveState/BE-152-cve-2021-27922

Update changelogs with fixes that were already in, BE-584, BE-151, BE…

CHANGES.rst

@@ -12,7 +12,11 @@ Changelog (Pillow)
 since Pillow 4.3.0.
   [rickprice]
 
-- Fix CVE-2021-27291
+- Fix CVE-2021-27921
+  [rickprice]
+- Fix CVE-2021-27922
+  [rickprice]
+- Fix CVE-2021-27923
   [rickprice]
 
 - Fix CVE-2021-25290
@@ -40,7 +44,7 @@ since Pillow 4.3.0.
 
 - Use snprintf instead of sprintf. CVE-2021-34552
   [wooken]
-  
+
 6.2.2.1 (2021-10-08)
 ------------------
 

docs/releasenotes/6.2.2.4.rst

@@ -11,6 +11,11 @@ since Pillow 4.3.0.
 
 :cve: `CVE-2021-25291`: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
 
-:cve: `CVE-2021-2791` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
+:cve: `CVE-2021-27921` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
+
+:cve: `CVE-2021-27922` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
+
+:cve: `CVE-2021-27923` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
+
 
 :cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c