NEWS: classify these issues as "security"

If an attacker can control client's queries
(and register names with malicious auths),
with enough work they probably can trigger the conditions often.

diff --git a/NEWS b/NEWS
index 4ff8bd37bb825123c924cd6a960808936f2e50c8..dfaa1475f77e48f7c996b539600bf98a20e319eb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
 Knot Resolver 6.0.12 (2025-0m-dd)
 =================================
 
+Security
+--------
+- DoS: fix rare crashes with either of the lines below (!1682)
+  [system] requirement "h && h->end > h->begin" failed in queue_pop_impl
+  [system] requirement "val == task" failed in session2_tasklist_del
+
 Bugfixes
 --------
 - daemon: fix DoH with multiple "parallel" queries in one connection (#931, !1677)
@@ -11,9 +17,6 @@ Bugfixes
 Improvements
 ------------
 - /local-data/rpz/*/watchdog: new configuration to enable watchdog for RPZ files (!1665)
-- daemon: fix rare crashes with either of the lines below
-  [system] requirement "h && h->end > h->begin" failed in queue_pop_impl
-  [system] requirement "val == task" failed in session2_tasklist_del
 
 
 Knot Resolver 6.0.11 (2025-02-26)