From b3af3297e4d6cf0eafb48155aa97bb06c82a9228 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Thu, 23 Jan 2025 11:40:46 +0200 Subject: [PATCH] NEWS: The security fix in 5.6.3 is known as CVE-2024-47611 --- NEWS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 478b24b2..a5338ae2 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,8 @@ XZ Utils Release Notes 5.6.3 (2024-10-01) IMPORTANT: This includes a Windows-specific security fix to - the command line tools. liblzma isn't affected by this issue. + the command line tools (CVE-2024-47611). liblzma isn't affected + by this issue. * liblzma: @@ -55,6 +56,7 @@ XZ Utils Release Notes which can be exploited with malicious filenames to do argument injection or directory traversal attacks. UTF-8 avoids best-fit mappings and thus fixes the issue. + (CVE-2024-47611) Forcing the process code page to UTF-8 is possible only on Windows 10 version 1903 and later. The command line
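Review bot: In the first hunk (the IMPORTANT paragraph under 5.6.3), the CVE id is attached to "the command line tools", but the summary still gives the reader no pointer to the detailed description that the second hunk annotates further down in NEWS. Someone searching NEWS for CVE-2024-47611 lands here first and learns only that the issue is Windows-specific and that liblzma isn't affected. Consider a short cross-reference such as "see the Windows-specific notes below", so the summary leads to the text that explains the best-fit mapping problem and the UTF-8 code page fix.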
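Review bot: In the second hunk, "(CVE-2024-47611)" is added as its own line after the sentence already ended with "thus fixes the issue.", which leaves a dangling parenthetical fragment at the end of the paragraph. Folding it into the sentence reads better and matches the inline placement used in the first hunk, for example "UTF-8 avoids best-fit mappings and thus fixes the issue (CVE-2024-47611)." It is also worth checking how the id reads next to the following paragraph, which says forcing the process code page to UTF-8 is possible only on Windows 10 version 1903 and later: a reader who searches for the CVE should not stop at "fixes the issue" and miss that limitation.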