From 99cec436fbd9444f57ee74ca8ae4c0a13e561a4f Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sat, 22 Jan 2022 17:49:17 +0100
Subject: Changes: Document CVE-2022-23852

---
 expat/Changes | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/expat/Changes b/expat/Changes
index 7540d38c..64d75d05 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -2,6 +2,18 @@ NOTE: We are looking for help with a few things:
       https://github.com/libexpat/libexpat/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
+Release x.x.x xxx xxxxxxx xx xxxx
+        Security fixes:
+            #550  CVE-2022-23852 -- Fix signed integer overflow
+                    (undefined behavior) in function XML_GetBuffer
+                    (that is also called by function XML_Parse internally)
+                    for when XML_CONTEXT_BYTES is defined to >0 (which is both
+                    common and default).
+                    Impact is denial of service or more.
+
+        Special thanks to:
+            Samanta Navarro
+
 Release 2.4.3 Sun January 16 2022
         Security fixes:
        #531 #534  CVE-2021-45960 -- Fix issues with left shifts by >=29 places
-- 
cgit v1.2.1