diff --git a/ANNOUNCE b/ANNOUNCE index b28bd2a7a..871a33e86 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -79,6 +79,7 @@ Version 1.6.10beta02 [February 23, 2014] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length. + This fixes CERT VU#684412 and CVE-2014-0333. Don't recognize known sRGB profiles as sRGB if they have been hacked, but don't reject them and don't issue a copyright violation warning. diff --git a/CHANGES b/CHANGES index 88bea6d3f..edd720e28 100644 --- a/CHANGES +++ b/CHANGES @@ -4853,6 +4853,7 @@ Version 1.6.10beta02 [February 23, 2014] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length. + This fixes CERT VU#684412 and CVE-2014-0333. Don't recognize known sRGB profiles as sRGB if they have been hacked, but don't reject them and don't issue a copyright violation warning.
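Review bot: In the ANNOUNCE hunk, the added line "This fixes CERT VU#684412 and CVE-2014-0333." relies on "This" to point back at the preceding sentence, so anyone searching the file for the CVE id lands on a line that names neither the function nor the failure mode. Consider folding the identifiers into the entry itself, for example "... whose first IDAT chunk is of zero-length (CERT VU#684412, CVE-2014-0333)", so that the ids, png_push_read_chunk and the infinite-loop condition sit together.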
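Review bot: In the CHANGES hunk, the same sentence goes under the existing "Version 1.6.10beta02 [February 23, 2014]" heading, and the visible diff touches only ANNOUNCE and CHANGES, so a dated entry is amended with no indication of when the identifiers were attached. If the line is being added after that beta was published, say so in the commit message or in the entry. Keep the wording identical to the ANNOUNCE copy so the two files do not drift.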