Added more CVE numbers [ci skip]

python-pillow · Mar 5, 2021 · 8fb5e50 · 8fb5e50
1 parent a10d2c9
commit 8fb5e50
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/docs/releasenotes/8.1.1.rst b/docs/releasenotes/8.1.1.rst
@@ -20,11 +20,11 @@ that could be used as a DOS attack.
 :cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
 since Pillow 4.3.0.
 
-There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
-container formats where Pillow did not properly check the reported
-size of the contained image. These images could cause arbitrarily
-large memory allocations. This was reported by Jiayi Lin, Luke
-Shaffer, Xinran Xie, and Akshay Ajayan of
+There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
+ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
+where Pillow did not properly check the reported size of the contained image.
+These images could cause arbitrarily large memory allocations. This was reported
+by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
 `Arizona State University <https://www.asu.edu/>`_.