From f488b072b75d090f76aa61146ddf743813e9b81b Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 5 Jan 2022 18:25:41 +0100 Subject: [PATCH] Changes: Document integer overflow CVE-2021-46143 --- expat/Changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/expat/Changes b/expat/Changes index 4d4de0bb..98d4f53c 100644 --- a/expat/Changes +++ b/expat/Changes @@ -16,6 +16,10 @@ Release x.x.x xxx xxxxxxxx xx xxxx where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. + #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow + on variable m_groupSize in function doProlog leading + to realloc acting as free. + Impact is denial of service or more. Other changes: #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19 @@ -27,11 +31,13 @@ Release x.x.x xxx xxxxxxxx xx xxxx #536 CI: Check for realistic minimum CMake version Special thanks to: + An anonymous whitehat Christopher Degawa J. Peter Mugaas Tyson Smith and GCC Farm Project + Trend Micro Zero Day Initiative Release 2.4.2 Sun December 19 2021 Other changes:
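Review bot: In the first hunk (@@ -16,6 +16,10 @@), the last added line reads "Impact is denial of service or more." while the entry directly above it ends with "Impact is denial of service, or more."; add the comma so the impact statements are worded identically across security entries. The entry names the consequence ("realloc acting as free") but not what drives m_groupSize to overflow in doProlog, so a short clause on the triggering condition would help readers judge their exposure from the Changes file alone.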