From 27dc97c365d7902a35fb59d8ee1c05e790c59ed7 Mon Sep 17 00:00:00 2001 From: Coty Sutherland Date: Thu, 13 Dec 2018 10:54:36 -0500 Subject: [PATCH] Add changelog entries for CVEs to update notes --- tomcat.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tomcat.spec b/tomcat.spec index 3cb52c0..b8f2d7b 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -692,12 +692,17 @@ fi %changelog * Thu Dec 13 2018 Coty Sutherland - 1:9.0.13-1 - Update to 9.0.13 +- Resolves: rhbz#1636513 - CVE-2018-11784 tomcat: Open redirect in default servlet * Sun Oct 14 2018 Peter Robinson 1:9.0.10-2 - Drop legcy sys-v bits * Tue Jul 31 2018 Coty Sutherland - 1:9.0.10-1 - Update to 9.0.10 +- Resolves: rhbz#1624929 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS +- Resolves: rhbz#1579612 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins +- Resolves: rhbz#1607586 - CVE-2018-8034 tomcat: host name verification missing in WebSocket client +- Resolves: rhbz#1607584 - CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up * Sat Jul 14 2018 Fedora Release Engineering - 1:9.0.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
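Review bot: in the %changelog hunk of tomcat.spec, four of the five added Resolves lines (CVE-2018-1336, CVE-2018-8014, CVE-2018-8034, CVE-2018-8037) are placed under the existing Jul 31 2018 1:9.0.10-1 entry rather than the top 1:9.0.13-1 entry, and the commit message has no body explaining why an older entry is being amended. If the update notes named in the subject are generated only from the newest changelog entry, those four lines will not show up there, so please confirm where the notes are read from. A sentence in the commit message stating that the 9.0.10 entry is being backfilled with the bugs it resolved would also help anyone auditing which build addressed which CVE. Separately, the unchanged context line "- Drop legcy sys-v bits" carries a typo ("legacy") that could be fixed in a follow-up.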