From 8e9f6ea08c0fdded06efcc4c124872bb4c82c89e Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Fri, 7 Jan 2022 23:51:14 +0100
Subject: Changes: Document CVE-2022-22822 to CVE-2022-22827

---
 expat/Changes | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/expat/Changes b/expat/Changes
index 98d4f53c..d035bad6 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -20,6 +20,16 @@ Release x.x.x xxx xxxxxxxx xx xxxx
                     on variable m_groupSize in function doProlog leading
                     to realloc acting as free.
                     Impact is denial of service or more.
+            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+                    near memory allocation at multiple places.  Mitre assigned
+                    a dedicated CVE for each involved internal C function:
+                    - CVE-2022-22822 for function addBinding
+                    - CVE-2022-22823 for function build_model
+                    - CVE-2022-22824 for function defineAttribute
+                    - CVE-2022-22825 for function lookup
+                    - CVE-2022-22826 for function nextScaffoldPart
+                    - CVE-2022-22827 for function storeAtts
+                    Impact is denial of service or more.
 
         Other changes:
             #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
-- 
cgit v1.2.1