Diffstat (limited to 'expat/Changes')
-rw-r--r-- expat/Changes 11
1 files changed, 9 insertions, 2 deletions
diff --git a/expat/Changes b/expat/Changes
index 8af9da84..e6717105 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -2,11 +2,13 @@ NOTE: We are looking for help with a few things:
https://github.com/libexpat/libexpat/labels/help%20wanted
If you can help, please get in touch. Thanks!
-Release x.x.x xxx xxxxxxxxxxxx xx xxxx
+Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
- XML_ExternalEntityParserCreate in out-of-memory situations
+ XML_ExternalEntityParserCreate in out-of-memory situations.
+ Expected impact is denial of service or potentially
+ arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
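Review bot: The "Bug fixes:" context line directly below this security entry reads "Fix curruption from undefined entities"; since this commit finalizes the 2.5.0 release notes, correct "curruption" to "corruption" in the same change so the typo does not ship in the release. On the CVE-2022-43680 entry itself, the added impact sentence ("denial of service or potentially arbitrary code execution") is what downstream triage needs; keep the precondition "in out-of-memory situations" on the same entry as it is now, so readers see the trigger and the impact together.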
@@ -15,16 +17,21 @@ Release x.x.x xxx xxxxxxxxxxxx xx xxxx
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
+ #656 CMake: Fix generation of pkg-config file
+ #658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
+ #667 #668 Version info bumped from 9:9:8 to 9:10:8;
+ see https://verbump.de/ for what these numbers do
Special thanks to:
Jann Horn
Mark Brand
+ Osyotr
Rhodri James
and
Google Project Zero
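Review bot: The "#667 #668 Version info bumped from 9:9:8 to 9:10:8" line relies on an external link to explain the numbers, so a packager reading the file offline cannot tell whether the ABI changed. These are libtool current:revision:age values and only the revision field moves (9 to 10), so consider saying in the entry itself that the change is implementation-only with no interface additions or removals, and keep the link as a secondary reference. The two new CMake entries (#656, #658) affect how the library is found and linked by consumers; a few words on what was wrong with the generated pkg-config file and the static library name would help users decide whether they need to rebuild against this release.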