From a6a2a49367f03f5d8a73c9027b45b59953ca27d8 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 10 Sep 2025 19:52:39 +0200 Subject: [PATCH] docs: Promote the contract to call XML_FreeContentModel .. when registering a custom element declaration handler (via a call to function XML_SetElementDeclHandler) CVE: CVE-2025-59375 Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/a6a2a49367f03f5d8a73c9027b45b59953ca27d8] Signed-off-by: Peter Marko --- doc/reference.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/reference.html b/doc/reference.html index 81da4e6c..564fc1b2 100644 --- a/doc/reference.html +++ b/doc/reference.html @@ -1902,7 +1902,7 @@ struct XML_cp {

Sets a handler for element declarations in a DTD. The handler gets called with the name of the element in the declaration and a pointer to a structure that contains the element model. It's the user code's -responsibility to free model when finished with it. See +responsibility to free model when finished with via a call to XML_FreeContentModel. There is no need to free the model from the handler, it can be kept around and freed at a later stage.
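Review bot: In the added line of the doc/reference.html hunk, "when finished with via a call to XML_FreeContentModel" has lost its object and should read "when finished with it via a call to XML_FreeContentModel". Since the subject line says the goal is to promote the contract, consider wording it as a requirement rather than a description, for example "user code must free model via a call to XML_FreeContentModel when finished with it", so that a reader registering a handler through XML_SetElementDeclHandler cannot take it for an optional cross-reference. The unchanged sentence that follows is a comma splice ("from the handler, it can be kept around"); splitting it into two sentences in the same change would make the ownership rule easier to read.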