From 05367daa101247b1b5f7648b635cbe47eb220b39 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Tue, 6 Jun 2023 10:48:03 +0100
Subject: [PATCH] Update NEWS

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 NEWS | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index a1ce5dcdd..db2f9ce20 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,21 @@
 dbus 1.15.6 (UNRELEASED)
 ========================
 
+Denial-of-service fixes:
+
+• Fix an assertion failure in dbus-daemon when a privileged Monitoring
+  connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
+  is active, and a message from the bus driver cannot be delivered to a
+  client connection due to <deny> rules or outgoing message quota. This
+  is a denial of service if triggered maliciously by a local attacker.
+  (dbus#457; hongjinghao, Simon McVittie)
+
 Enhancements:
 
 • Special-case reading pseudo-files from Linux /proc to take into
   account the filesystem's unusual semantics (dbus!401, Luca Boccassi)
 
-Fixes:
+Other fixes:
 
 • Fix compilation on compilers not supporting __FUNCTION__
   (dbus!404, Barnabás Pőcze)
-- 
2.47.3