From 4406ffb998db5a334fe98a30caf82dba555d5547 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Wed, 28 Aug 2019 16:30:27 +0200
Subject: [PATCH] Changes: Document doctype closing heap overflow

---
 expat/Changes | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/expat/Changes b/expat/Changes
index 74b4806e..28c0c5d5 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -3,6 +3,11 @@ NOTE: We are looking for help with a few things:
       If you can help, please get in touch.  Thanks!
 
 Release x.x.x xxx xxx xx xxxx
+        Security fixes:
+       #317 #318  Fix heap overflow triggered by XML_GetCurrentLineNumber
+                    (or XML_GetCurrentColumnNumber), and deny internal entities
+                    closing the doctype
+
         Bug fixes:
             #240  Fix cases where XML_StopParser did not have any effect
                     when called from inside of an end element handler
@@ -42,6 +47,7 @@ Release x.x.x xxx xxx xx xxxx
 
         Special thanks to:
             David Loffredo
+            Joonun Jang
             Khajapasha Mohammed
             Kishore Kunche
             Marco Maggi