[libpng16] Reference CVE-2017-12652 in CHANGES.

commit: 61e0a3809185b84463a68df3dd39cdf004293c8c [log] [tgz]
author: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Sun Sep 03 09:01:09 2017 -0500
committer: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> Sun Sep 03 09:01:09 2017 -0500
tree: 41af2395337772ff5f520ea8ddbbbe20354b8d95
parent: fca1862ac9800e7601b5f98e7bcbeb7a5259b4ba [diff]
diff --git a/CHANGES b/CHANGES
index d67df82..3fdd8fd 100644
--- a/CHANGES
+++ b/CHANGES

@@ -5939,7 +5939,7 @@
 
 Version 1.6.32beta07 [August 3, 2017]
   Check length of all chunks except IDAT against user limit to fix an
-    OSS-fuzz issue.
+    OSS-fuzz issue (Fixes CVE-2017-12652).
 
 Version 1.6.32beta08 [August 3, 2017]
   Check length of IDAT against maximum possible IDAT size, accounting
commit	61e0a3809185b84463a68df3dd39cdf004293c8c	[log] [tgz]
author	Glenn Randers-Pehrson <glennrp at users.sourceforge.net>	Sun Sep 03 09:01:09 2017 -0500
committer	Glenn Randers-Pehrson <glennrp at users.sourceforge.net>	Sun Sep 03 09:01:09 2017 -0500
tree	41af2395337772ff5f520ea8ddbbbe20354b8d95
parent	fca1862ac9800e7601b5f98e7bcbeb7a5259b4ba [diff]