From 1cda0967b4d3c815fc610794ad6a8fc2b913a3c5 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefankangas@gmail.com>
Date: Sun, 23 Feb 2025 16:25:37 +0100
Subject: [PATCH] Mention CVE-2025-1244 in NEWS

* etc/NEWS: Document CVE-2025-1244.

For anyone looking to backport this, the fix is in commit
820f0793f0b46448928905552726c1f1b999062f.
---
 etc/NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/NEWS b/etc/NEWS
index ec14e447859..1a68e70ce48 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -184,6 +184,9 @@ expectations.
 
 * Changes in Emacs 30.1
 
+** Fix shell injection vulnerability in man.el (CVE-2025-1244).
+We urge all users to upgrade immediately.
+
 ** New user option 'trusted-content' to allow potentially dangerous features.
 This option lists those files and directories whose content Emacs should
 consider as sufficiently trusted to run any part of the code contained