2 files changed, 8 insertions, 6 deletions

diff --git a/ChangeLog b/ChangeLog
index 65bd46e..8e29091 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
 
 	* config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c:
 	Make temporary directory safely when ~/.w3m is unwritable.
+	Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097
+	[CVE-2018-6198]
 
 	* rc.c: Suppress error messages when ~/.w3m is unwritable.
 	Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871425
@@ -16,7 +18,7 @@
 	Update config.* with autotools-dev 20171216.1.
 
 	* table.c: Prevent negative indent value in feed_table_block_tag().
-	Bug-Debian: https://github.com/tats/w3m/issues/88
+	Bug-Debian: https://github.com/tats/w3m/issues/88 [CVE-2018-6196]
 
 2018-01-06  Tatsuya Kinoshita  <tats@debian.org>
 
@@ -39,7 +41,7 @@
 2017-12-27  Tatsuya Kinoshita  <tats@debian.org>
 
 	* form.c: Prevent invalid columnPos() call in formUpdateBuffer().
-	Bug-Debian: https://github.com/tats/w3m/issues/89
+	Bug-Debian: https://github.com/tats/w3m/issues/89 [CVE-2018-6197]
 
 	* main.c: Typo fix in fusage().
 	Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878106
diff --git a/NEWS b/NEWS
index b05301b..4ed621a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,9 @@
-Debian's w3m 0.5.3+git20180121
+Debian's w3m 0.5.3+git20180125
 
 * bug fixes
- - fix stack overflow with malformed text
- - fix null deref with malformed text
- - make temporary directory safely when ~/.w3m is unwritable
+ - fix stack overflow with malformed text [CVE-2018-6196]
+ - fix null deref with malformed text [CVE-2018-6197]
+ - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
  - do not remove w3mdict.cgi when "make distclean"
  - do not turn a form's GET into POST
  - correct <base ...> parsing