From 9f0ac8548b61651a111b7e611c90cda87dd567f0 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Tue, 25 Feb 2014 12:00:58 -0600 Subject: [PATCH] [libpng16] Mention CERT VU#684412 and CVE-2014-0333 in CHANGES and ANNOUNCE. --- ANNOUNCE | 1 + CHANGES | 1 + 2 files changed, 2 insertions(+) diff --git a/ANNOUNCE b/ANNOUNCE index b28bd2a7a..871a33e86 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -79,6 +79,7 @@ Version 1.6.10beta02 [February 23, 2014] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length. + This fixes CERT VU#684412 and CVE-2014-0333. Don't recognize known sRGB profiles as sRGB if they have been hacked, but don't reject them and don't issue a copyright violation warning. diff --git a/CHANGES b/CHANGES index 88bea6d3f..edd720e28 100644 --- a/CHANGES +++ b/CHANGES @@ -4853,6 +4853,7 @@ Version 1.6.10beta02 [February 23, 2014] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length. + This fixes CERT VU#684412 and CVE-2014-0333. Don't recognize known sRGB profiles as sRGB if they have been hacked, but don't reject them and don't issue a copyright violation warning.
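Review bot: In the ANNOUNCE hunk, the added line "This fixes CERT VU#684412 and CVE-2014-0333." relies on its position for its antecedent, so someone searching the file for the CVE number lands on a sentence that names neither png_push_read_chunk nor the infinite loop. Consider folding the identifiers into the preceding sentence, for example "...whose first IDAT chunk is of zero-length (CERT VU#684412, CVE-2014-0333)." That keeps the entry self-describing if it is excerpted or the list is reordered, and keeps it clearly separate from the unrelated sRGB entry that follows.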
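Review bot: In the CHANGES hunk, the line is added under "Version 1.6.10beta02 [February 23, 2014]" while the commit is dated February 25, so if beta02 was already published, this changes the notes of a shipped version. The repository's CHANGES would then differ from the copy in that release. In that case, also repeating the CERT and CVE reference under the next version's section would let readers of only the newest entries see that the fix is security relevant.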