From ed682ae56736073dab02e5b3277de3ffef150a9d Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 16 Jun 2019 23:37:23 +0200
Subject: [PATCH] Changes: Document #186 and #262

---
 expat/Changes | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/expat/Changes b/expat/Changes
index db2f3a0e..e1c617c3 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -3,6 +3,13 @@ NOTE: We are looking for help with a few things:
       If you can help, please get in touch.  Thanks!
 
 Release x.x.x XXX XXXXXX XX XXXX
+        Security fixes:
+       #186 #262  Fix extraction of namespace prefixes from XML names;
+                    XML names with multiple colons could end up in the
+                    wrong namespace, and take a high amount of RAM and CPU
+                    resources while processing, opening the door to
+                    use for denial-of-service attacks
+
         Other changes:
        #195 #197  Autotools/CMake: Utilize -fvisibility=hidden to stop
                     exporting non-API symbols
@@ -18,9 +25,11 @@ Release x.x.x XXX XXXXXX XX XXXX
 
         Special thanks to:
             Benjamin Peterson
+            CaolÃ¡n McNamara
             Hanno BÃ¶ck
             KangLin
             Marco Maggi
+            Rhodri James
             Sebastian DrÃ¶ge
             userwithuid
             Yury Gribov
-- 
2.40.0