From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 16 Jun 2019 21:37:23 +0000 (+0200)
Subject: Changes: Document #186 and #262
X-Git-Tag: R_2_2_7~5^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed682ae56736073dab02e5b3277de3ffef150a9d;p=libexpat

Changes: Document #186 and #262
---

diff --git a/expat/Changes b/expat/Changes
index db2f3a0e..e1c617c3 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -3,6 +3,13 @@ NOTE: We are looking for help with a few things:
       If you can help, please get in touch.  Thanks!
 
 Release x.x.x XXX XXXXXX XX XXXX
+        Security fixes:
+       #186 #262  Fix extraction of namespace prefixes from XML names;
+                    XML names with multiple colons could end up in the
+                    wrong namespace, and take a high amount of RAM and CPU
+                    resources while processing, opening the door to
+                    use for denial-of-service attacks
+
         Other changes:
        #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                     exporting non-API symbols
@@ -18,9 +25,11 @@ Release x.x.x XXX XXXXXX XX XXXX
 
         Special thanks to:
             Benjamin Peterson
+            Caolán McNamara
             Hanno Böck
             KangLin
             Marco Maggi
+            Rhodri James
             Sebastian Dröge
             userwithuid
             Yury Gribov