And another CVE for an older FreeType version.

commit: ba86636b14f876fa369c84467409b3b812d47e94 [log] [tgz]
author: Werner Lemberg <wl@gnu.org> Wed Apr 26 09:35:39 2017 +0200
committer: Werner Lemberg <wl@gnu.org> Wed Apr 26 09:35:39 2017 +0200
tree: a4e203c6d28d4e1403e19b7c8f6d9bfd25c29849
parent: 7752c68c50e651d76615de84db1e34f7ee1329b3 [diff]
diff --git a/docs/CHANGES b/docs/CHANGES
index 8ad5dfa..d42accb 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES

@@ -29,8 +29,9 @@
       now scales  the font linearly  again (bug introduced  in version
       2.4.6).
 
-    - CVE-2017-8105: Older FreeType versions has an out-of-bounds write
-      caused by a heap-based buffer overflow related to the Type 1 fonts.
+    - CVE-2017-8105:  Older  FreeType  versions has  an  out-of-bounds
+      write caused by a heap-based buffer overflow related to the Type
+      1 fonts.
 
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
 
@@ -101,6 +102,12 @@
     - Handling of  raw CID fonts was partially  broken (bug introduced
       in 2.6.4).
 
+    - CVE-2016-10328:  Older  FreeType versions had  an  out-of-bounds
+      write caused by a heap-based  buffer overflow related to the CFF
+      fonts.
+
+        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10328
+
 
   III. MISCELLANEOUS
commit	ba86636b14f876fa369c84467409b3b812d47e94	[log] [tgz]
author	Werner Lemberg <wl@gnu.org>	Wed Apr 26 09:35:39 2017 +0200
committer	Werner Lemberg <wl@gnu.org>	Wed Apr 26 09:35:39 2017 +0200
tree	a4e203c6d28d4e1403e19b7c8f6d9bfd25c29849
parent	7752c68c50e651d76615de84db1e34f7ee1329b3 [diff]