Changes: Group security notes for 2.1.0 as done in htdocs/index.html

expat/Changes

@@ -108,24 +108,25 @@ Release 2.1.1 Sat March 12 2016
             libtool now invoked with --verbose
 
 Release 2.1.0 Sat March 24 2012
+        - Security fixes:
+          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
+          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
+          #3496608: CVE-2012-0876 - Hash DOS attack.
+          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
+          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
         - Bug Fixes:
           #1742315: Harmful XML_ParserCreateNS suggestion.
-          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c.
           #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3.
           #1983953, 2517952, 2517962, 2649838: 
                 Build modifications using autoreconf instead of buildconf.sh.
           #2815947, #2884086: OBJEXT and EXEEXT support while building.
-          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences.
           #2517938: xmlwf should return non-zero exit status if not well-formed.
           #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml.
           #2855609: Dangling positionPtr after error.
-          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8().
-          #2958794: CVE-2012-1148 - Memory leak in poolGrow.
           #2990652: CMake support.
           #3010819: UNEXPECTED_STATE with a trailing "%" in entity value.
           #3206497: Unitialized memory returned from XML_Parse.
           #3287849: make check fails on mingw-w64.
-          #3496608: CVE-2012-0876 - Hash DOS attack.
         - Patches:
           #1749198: pkg-config support.
           #3010222: Fix for bug #3010819.