From 83c65d124deba617ec0f5af9f2002b289ac18ba7 Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Thu, 7 Apr 2022 18:54:23 -0700
Subject: maint: reference CVE-2022-1271 in 1.12's NEWS

* NEWS: Reference newly-assigned CVE number.
* cfg.mk (old_NEWS_hash)
---
 NEWS | 1 +
 cfg.mk | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 837a592..1074c66 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,7 @@ GNU gzip NEWS -*- outline -*-
 zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file.
+ This addresses CVE-2022-1271, ZDI-CAN-16587.
 [bug introduced in gzip-1.3.10]
 zgrep now names input file on error instead of mislabeling it as
diff --git a/cfg.mk b/cfg.mk
index 74f094b..2f00e77 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -40,7 +40,7 @@ bootstrap-tools = autoconf,automake,gnulib
 # Now that we have better tests, make this the default.
 export VERBOSE = yes
-old_NEWS_hash = d66a67b9fd262869540fcc57b9c94e64
+old_NEWS_hash = 053f232e511b9a95079de114760117a7
 sc_obs_header_regex = \
 \<(STDC_HEADERS|HAVE_(LIMITS|STRING|UNISTD|STDLIB)_H)\>
--
cgit v1.2.1