docs: Document CVE

Signed-off-by: Larry Gritz <[email protected]>
lgritz · Jul 9, 2023 · d6c151e · d6c151e
1 parent 50d51f5
commit d6c151e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -8,7 +8,7 @@ Release 2.4.13.0 (1 July 2023) -- compared to 2.4.12.0
 - *IBA*: Improve error message for IBA::ocio functions [#3887](https://github.com/OpenImageIO/oiio/pull/3887) 
 - *exif*: Convert paramvalue string to integer when needed [#3886](https://github.com/OpenImageIO/oiio/pull/3886)  (by Fabien Servant @ TCS) 
 - *exr*: Correction to dwa vs zip logic when outputting OpenEXR [#3884](https://github.com/OpenImageIO/oiio/pull/3884) 
-- *ico*: Heap-buffer-overflow [#3872](https://github.com/OpenImageIO/oiio/pull/3872)  (by xiaoxiaoafeifei) 
+- *ico*: Heap-buffer-overflow [#3872](https://github.com/OpenImageIO/oiio/pull/3872) (by xiaoxiaoafeifei) Fixes CVE-2023-36183.
 - *jpeg*: Fix density calculation  for jpeg output [#3861](https://github.com/OpenImageIO/oiio/pull/3861)  (by Loïc Vital) 
 - *jpeg2000*: Better pixel type promotion logic [#3878](https://github.com/OpenImageIO/oiio/pull/3878) 
 - *psd*: Prevent simultaneous psd thumbnail reads from clashing [#3877](https://github.com/OpenImageIO/oiio/pull/3877)