From c7f80b428bc7440d61f94b8ae99c5d5959369541 Mon Sep 17 00:00:00 2001 From: Carl Meyer Date: Tue, 19 Feb 2013 18:20:08 -0700 Subject: [PATCH] Don't characterize XML vulnerabilities as DoS-only. --- docs/releases/1.5.txt | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt index 73986d226f..c965af4228 100644 --- a/docs/releases/1.5.txt +++ b/docs/releases/1.5.txt @@ -631,12 +631,11 @@ databases ` for more information. XML deserializer will not parse documents with a DTD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -In order to prevent exposure to denial-of-service attacks related to external -entity references and entity expansion, the XML model deserializer now refuses -to parse XML documents containing a DTD (DOCTYPE definition). Since the XML -serializer does not output a DTD, this will not impact typical usage, only -cases where custom-created XML documents are passed to Django's model -deserializer. +In order to prevent exposure to attacks related to external entity references +and entity expansion, the XML model deserializer now refuses to parse XML +documents containing a DTD (DOCTYPE definition). Since the XML serializer does +not output a DTD, this will not impact typical usage, only cases where +custom-created XML documents are passed to Django's model deserializer. Formsets default ``max_num`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
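Review bot: the rewritten paragraph in the `docs/releases/1.5.txt` hunk now says only "attacks related to external entity references and entity expansion", which matches the subject line's intent of not framing this as DoS-only, but it leaves the reader with no indication of what those attacks can actually do or why refusing any DTD is the chosen mitigation. Consider adding one sentence after "entity expansion" stating the two impact classes the note is hedging between (resource exhaustion from entity expansion, and external entity resolution that reaches outside the document), or cross-referencing the security release that introduced this behaviour, so that operators who receive custom XML documents can judge their exposure. The rest of the hunk (serializer never emits a DTD, so only custom-created documents are affected) is clear and the reflowed line lengths are consistent with the surrounding file.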