From 39a535fb0fd36e0c6c8434ddb54b2b37804cd329 Mon Sep 17 00:00:00 2001 From: Frederick Price Date: Thu, 20 Apr 2023 12:56:35 -0400 Subject: [PATCH] Rebase to 6.2.x --- CHANGES.rst | 5 +++++ docs/releasenotes/6.2.2.5.rst | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index e34772eec..b5d29d020 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -22,6 +22,11 @@ Changelog (Pillow) - Fix CVE-2020-10994: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. [rickprice] +- Fix CVE-2021-28677: An issue was discovered in Pillow before 8.2.0. For EPS + data, the readline implementation used in EPSImageFile has to deal with any + combination of \r and \n as line endings. + [rickprice] + 6.2.2.4 (2023-03-29) ------------------ diff --git a/docs/releasenotes/6.2.2.5.rst b/docs/releasenotes/6.2.2.5.rst index 2e8402ded..0418a3f3e 100644 --- a/docs/releasenotes/6.2.2.5.rst +++ b/docs/releasenotes/6.2.2.5.rst @@ -11,8 +11,10 @@ This release addresses several critical CVEs. :cve:`CVE-2021-25289`: Catch TiffDecode heap-based buffer overflow. Add test files that show the CVE was fixed :cve:`CVE-2022-22815`: Fixed ImagePath.Path array handling + :cve:`CVE-2021-28675`: Fix DOS in PsdImagePlugin ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + * :py:class:`.PsdImagePlugin.PsdImageFile` did not sanity check the number of input layers with regard to the size of the data block, this could lead to a denial-of-service on :py:meth:`~PIL.Image.open` prior to 
@@ -22,3 +24,13 @@ This release addresses several critical CVEs. :cve:`CVE-2022-22816`: Fixed ImagePath.Path array handling :cve:`CVE-2020-10994`: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. + +:cve:`CVE-2021-28677`: An issue was discovered in Pillow before 8.2.0. For EPS + data, the readline implementation used in EPSImageFile + has to deal with any combination of \r and \n as line + endings. It used an accidentally quadratic method of + accumulating lines while looking for a line ending. A + malicious EPS file could use this to perform a DoS of + Pillow in the open phase, before an image was accepted + for opening. +
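Review bot: In the CHANGES.rst hunk (@@ -22,6 +22,11), the new CVE-2021-28677 entry ends at "as line endings." and never states the defect. As written it describes a requirement of the EPS readline code, not what was fixed. Carry over the rest of the text used in docs/releasenotes/6.2.2.5.rst (the accidentally quadratic line accumulation and the resulting DoS in the open phase), or shorten the entry to a single line naming the DoS in EPSImageFile. Also, in both files `\r` and `\n` are written as bare text. reStructuredText treats the backslash as an escape character, so these will render as "r" and "n". Wrap them as inline literals (double backticks).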
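Review bot: In the first docs/releasenotes/6.2.2.5.rst hunk (@@ -11,8 +11,10), the only additions appear to be two blank lines around the existing CVE-2021-28675 heading, which has nothing to do with the CVE-2021-28677 entry this patch adds. If the blank lines are there so the `^^^^` underlined title parses as a section heading, say so in the commit message or move them to a separate formatting commit. Otherwise drop them. The same heading spells the impact "DOS" while the new entry uses "DoS", so pick one spelling for the file.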
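Review bot: In the second docs/releasenotes/6.2.2.5.rst hunk (@@ -22,3 +24,13), the new entry says "An issue was discovered in Pillow before 8.2.0", which is the upstream advisory wording and does not tell a reader of the 6.2.2.5 notes that this release contains the fix. Reword it to state that the fix is backported in 6.2.2.5. The diffstat lists only CHANGES.rst and this release-notes file (2 files changed, 17 insertions), so neither the EPSImageFile change nor a regression test is part of this patch. Reference the commit that carries them, or include them here, so the documented fix can be verified against the code.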