CHANGES: Mention CVE-2018-6942.
diff --git a/docs/CHANGES b/docs/CHANGES
index 4b52555..99c9d48 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -5,6 +5,11 @@ CHANGES BETWEEN 2.9 and 2.9.1
- Type 1 fonts containing flex features were not rendered
correctly (bug introduced in version 2.9).
+ - CVE-2018-6942: Older FreeType versions can crash with certain
+ malformed variation fonts.
+
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+
II. MISCELLANEOUS