From 3ae79a8893ba2932ffdd1c9bfc828a96b66319ce Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Wed, 4 Sep 2019 20:43:43 +0200
Subject: [PATCH] Changes: Mention CVE and commit SHA1 for #317

---
 expat/Changes | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/expat/Changes b/expat/Changes
index 12dbf6cb..282780da 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -4,9 +4,10 @@ NOTE: We are looking for help with a few things:
 
 Release x.x.x xxx xxx xx xxxx
         Security fixes:
-       #317 #318  Fix heap overflow triggered by XML_GetCurrentLineNumber
-                    (or XML_GetCurrentColumnNumber), and deny internal entities
-                    closing the doctype
+       #317 #318  CVE-2019-15903 -- Fix heap overflow triggered by
+                    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber),
+                    and deny internal entities closing the doctype;
+                    fixed in commit c20b758c332d9a13afbbb276d30db1d183a85d43
 
         Bug fixes:
             #240  Fix cases where XML_StopParser did not have any effect
-- 
2.40.0