From: Sebastian Pipping <sebastian@pipping.org>
Date: Sat, 4 Jun 2016 15:20:18 +0000 (+0200)
Subject: Mention recently assigned CVEs CVE-2012-6702 and CVE-2016-5300 in plaintext change log
X-Git-Tag: R_2_2_0~27
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=07cc2fcacf81b32b2e06aa918df51756525240c0;p=libexpat

Mention recently assigned CVEs CVE-2012-6702 and CVE-2016-5300 in plaintext change log
---

diff --git a/expat/Changes b/expat/Changes
index b3e6854a..e8a59ab8 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -3,10 +3,11 @@ Release ??? ???
             #537  CVE-2016-0718 -- fix crash on malformed input
                   CVE-2016-4472 -- improve insufficient fix to CVE-2015-1283 /
                                    CVE-2015-2716 introduced with Expat 2.1.1
-            #499  Use more entropy for hash initialization
-            #519  Resolve troublesome internal call to srand
-                    that was introduced with Expat 2.1.0
-                    when addressing CVE-2012-0876 (issue #496)
+            #499  CVE-2016-5300 -- Use more entropy for hash initialization
+                                   than the original fix to CVE-2012-0876
+            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand
+                                   that was introduced with Expat 2.1.0
+                                   when addressing CVE-2012-0876 (issue #496)
 
         Bug fixes:
                   Fix uninitialized reads of size 1