From de89dde09e25b610857076af375f291fedd9bb70 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Sat, 31 Jan 2015 03:51:20 +0100
Subject: Upate NEWS

---
 NEWS | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index d79cead..9fafde4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,14 @@
+Changes until version 2.7.4:
+
 * When a file isn't being deleted because the file contents don't match the
   patch, the resulting message is now "Not deleting file ... as content
   differs from patch" instead of "File ... is not empty after patch; not
   deleting".
 * Function names in hunks (from diff -p) are now preserved in reject files.
-* With git-style patches, symlinks that point outside the working directory
-  will no longer be created (CVE-2015-1196).
+* Patch no longer follows symbolic links to input and output files.  This
+  ensures that symbolic links created by git-style patches cannot cause
+  patch to write outside the working directory (CVE-2015-1196).
+* Various fixes.
 
 Changes in version 2.7.1:
 
-- 
cgit v1.2.1