From 3673612754ce83e27a061f0c5200c2acf522680e Mon Sep 17 00:00:00 2001
From: Fred Drake <fdrake@acm.org>
Date: Thu, 10 Jan 2002 13:50:31 +0000
Subject: [PATCH] Added item about the webbrowser security fix.

---
 Misc/NEWS | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Misc/NEWS b/Misc/NEWS
index 4429f8e04ad..fd552ed4af5 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -22,6 +22,10 @@ Library
   "anonymous@" as default password, rather than the real user and host
   name.
 
+- webbrowser: tightened up the command passed to os.system() so that
+  arbitrary shell code can't be executed because a bogus URL was
+  passed in.
+
 Tools/Demos
 
 Build