1 files changed, 28 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 3a05e7e..420320d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,16 +2,41 @@ NOTE: uriparser is looking for help with a few things:
       https://github.com/uriparser/uriparser/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
+2019-01-02 -- 0.9.1
+
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Fixed:
+      Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6
+      addresses with embedded IPv4 address, e.g. "//[::44.1";
+      mitigated if passed parameter <afterLast> points to readable memory
+      containing a '\0' byte.
+      Thanks to Joergen Ibsen for the report!
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Fixed: When parsing a malformed URI with an IPvFuture address
+      (e.g. "http://[vA.123456" missing "]"), errorPos would point to the first
+      character after "v" than the actual position of the error (here: the end
+      of the string)
+  * Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed
+      for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
+  * Fixed: Compilation with MinGW
+      Thanks to Sandro Mani for the patch!
+  * Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
+  * Improved: For parse errors, waterproof errorPos <= afterLast
+  * Soname: 1:24:0
+
 2018-10-27 -- 0.9.0
 
 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-  * Fixed: Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
+  * Fixed: [CVE-2018-19198]
+      Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
       Commit 864f5d4c127def386dd5cc926ad96934b297f04e
       Thanks to Google Autofuzz team for the report!
-  * Fixed: Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
+  * Fixed: [CVE-2018-19199]
+      Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
       Commit f76275d4a91b28d687250525d3a0c5509bbd666f
       Thanks to Google Autofuzz team for the report!
-  * Fixed: Protect uriResetUri* against acting on NULL input
+  * Fixed: [CVE-2018-19200]
+      Protect uriResetUri* against acting on NULL input
       Commit f58c25069cf4a986fe17a80c5b38687e31feb539
 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
   * Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code