Changes: Document #186 and #262

author Sebastian Pipping <sebastian@pipping.org>

Sun, 16 Jun 2019 21:37:23 +0000 (23:37 +0200)

committer Sebastian Pipping <sebastian@pipping.org>

Sun, 16 Jun 2019 21:58:45 +0000 (23:58 +0200)
author Sebastian Pipping <sebastian@pipping.org>
Sun, 16 Jun 2019 21:37:23 +0000 (23:37 +0200)
committer Sebastian Pipping <sebastian@pipping.org>
Sun, 16 Jun 2019 21:58:45 +0000 (23:58 +0200)
diff --git a/expat/Changes b/expat/Changes

index db2f3a0edc21dbf9887e22d01ca139d9d039fa50..e1c617c3cc28923703f2332dbef0f0e906a442c0 100644 (file)
--- a/expat/Changes
+++ b/expat/Changes
@@ -3,6 +3,13 @@ NOTE: We are looking for help with a few things:
        If you can help, please get in touch.  Thanks!
  
  Release x.x.x XXX XXXXXX XX XXXX
+        Security fixes:
+       #186 #262  Fix extraction of namespace prefixes from XML names;
+                    XML names with multiple colons could end up in the
+                    wrong namespace, and take a high amount of RAM and CPU
+                    resources while processing, opening the door to
+                    use for denial-of-service attacks
+
          Other changes:
         #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                      exporting non-API symbols
@@ -18,9 +25,11 @@ Release x.x.x XXX XXXXXX XX XXXX
  
          Special thanks to:
              Benjamin Peterson
+            Caolán McNamara
              Hanno Böck
              KangLin
              Marco Maggi
+            Rhodri James
              Sebastian Dröge
              userwithuid
              Yury Gribov
author	Sebastian Pipping <sebastian@pipping.org>
	Sun, 16 Jun 2019 21:37:23 +0000 (23:37 +0200)
committer	Sebastian Pipping <sebastian@pipping.org>
	Sun, 16 Jun 2019 21:58:45 +0000 (23:58 +0200)