Add NEWS entry for CVE-2020-1752 (bug 25414)

diff --git a/NEWS b/NEWS
index e0379fc..68a408a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+  CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by