Rebase to 6.2.x

CHANGES.rst

@@ -22,6 +22,11 @@ Changelog (Pillow)
 - Fix CVE-2020-10994: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
   [rickprice]
 
+- Fix CVE-2021-28677: An issue was discovered in Pillow before 8.2.0. For EPS
+  data, the readline implementation used in EPSImageFile has to deal with any
+  combination of \r and \n as line endings.
+  [rickprice]
+
 6.2.2.4 (2023-03-29)
 ------------------
 

docs/releasenotes/6.2.2.5.rst

@@ -11,8 +11,10 @@ This release addresses several critical CVEs.
 :cve:`CVE-2021-25289`: Catch TiffDecode heap-based buffer overflow. Add test files that show the CVE was fixed
 
 :cve:`CVE-2022-22815`: Fixed ImagePath.Path array handling
+
 :cve:`CVE-2021-28675`: Fix DOS in PsdImagePlugin
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
 * :py:class:`.PsdImagePlugin.PsdImageFile` did not sanity check the number of input
   layers with regard to the size of the data block, this could lead to a
   denial-of-service on :py:meth:`~PIL.Image.open` prior to
@@ -22,3 +24,13 @@ This release addresses several critical CVEs.
 :cve:`CVE-2022-22816`: Fixed ImagePath.Path array handling
 
 :cve:`CVE-2020-10994`: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
+
+:cve:`CVE-2021-28677`: An issue was discovered in Pillow before 8.2.0. For EPS
+                       data, the readline implementation used in EPSImageFile
+                       has to deal with any combination of \r and \n as line
+                       endings. It used an accidentally quadratic method of
+                       accumulating lines while looking for a line ending. A
+                       malicious EPS file could use this to perform a DoS of
+                       Pillow in the open phase, before an image was accepted
+                       for opening.
+