--- libgig/trunk/ChangeLog	2017/10/03 17:12:07	3349
+++ libgig/trunk/ChangeLog	2017/10/03 17:35:02	3350
@@ -50,6 +50,8 @@
       behavior of the first two EGs' state machines.
     - Fixed undefined behavior when loading a gig file with invalid
       velocity curve parameters (fixes CVE-2017-12951).
+    - Fixed undefined behavior when loading a gig file with invalid wave
+      pool index number (fixes CVE-2017-12954).
 
   * src/DLS.cpp, src/DLS.h:
     - Sample: wave pool offsets are now 64 bits (to allow support for files