From: Stefan Kangas <stefankangas@gmail.com>
Date: Sun, 23 Feb 2025 15:25:37 +0000 (+0100)
Subject: Mention CVE-2025-1244 in NEWS
X-Git-Tag: archive/raspbian/1%30.1+1-3+rpi1^2~2^2~20^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1cda0967b4d3c815fc610794ad6a8fc2b913a3c5;p=emacs.git

Mention CVE-2025-1244 in NEWS

* etc/NEWS: Document CVE-2025-1244.

For anyone looking to backport this, the fix is in commit
820f0793f0b46448928905552726c1f1b999062f.
---

diff --git a/etc/NEWS b/etc/NEWS
index ec14e447859..1a68e70ce48 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -184,6 +184,9 @@ expectations.
 
 * Changes in Emacs 30.1
 
+** Fix shell injection vulnerability in man.el (CVE-2025-1244).
+We urge all users to upgrade immediately.
+
 ** New user option 'trusted-content' to allow potentially dangerous features.
 This option lists those files and directories whose content Emacs should
 consider as sufficiently trusted to run any part of the code contained