From 632a11f91f0d932ac498e9e6ca022c9903ab05e9 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Mon, 16 Apr 2018 19:51:37 +0200
Subject: [PATCH] CHANGES: Mention CVE-2018-6942.

---
 docs/CHANGES | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/CHANGES b/docs/CHANGES
index 4b525558e..99c9d481c 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -5,6 +5,11 @@ CHANGES BETWEEN 2.9 and 2.9.1
     - Type  1  fonts  containing   flex  features  were  not  rendered
       correctly (bug introduced in version 2.9).
 
+    - CVE-2018-6942: Older FreeType versions can crash with certain
+      malformed variation fonts.
+
+        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+
 
   II. MISCELLANEOUS