From 846e7eee8bdc84b332150043a66fe8f17dc1a30b Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@fb.com>
Date: Sun, 1 Feb 2015 08:32:32 -0800
Subject: [PATCH 2/2] maint: reference CVE-2015-1345 from NEWS

* NEWS: Mention the CVE that was addressed by v2.21-13-g83a95bd,
"grep -F: fix a heap buffer (read) overrun".
---
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 3835d8d..da8bc78 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,7 @@ GNU grep NEWS                                    -*- outline -*-
 ** Bug fixes

   grep no longer reads from uninitialized memory or from beyond the end
-  of the heap-allocated input buffer.
+  of the heap-allocated input buffer.  This fix addressed CVE-2015-1345.


 * Noteworthy changes in release 2.21 (2014-11-23) [stable]
-- 
2.2.2