NEWS: Add #421

author Simon McVittie <smcv@collabora.com>

Wed, 8 Feb 2023 10:47:08 +0000 (10:47 +0000)

committer Simon McVittie <smcv@collabora.com>

Wed, 8 Feb 2023 12:04:12 +0000 (12:04 +0000)
author Simon McVittie <smcv@collabora.com>
Wed, 8 Feb 2023 10:47:08 +0000 (10:47 +0000)
committer Simon McVittie <smcv@collabora.com>
Wed, 8 Feb 2023 12:04:12 +0000 (12:04 +0000)
diff --git a/NEWS b/NEWS

index 15d647780ed0b0725d1be60ade90fc49340b1852..dccf5239fd8ef063ccbf6bfd160030aeda2aef8b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,16 @@
  dbus 1.14.6 (UNRELEASED)
  ========================
  
-Fixes:
+Denial of service fixes:
+
+• Fix an incorrect assertion that could be used to crash dbus-daemon or
+  other users of DBusServer prior to authentication, if libdbus was compiled
+  with assertions enabled.
+  We recommend that production builds of dbus, for example in OS distributions,
+  should be compiled with checks but without assertions.
+  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
+
+Other fixes:
  
  • When connected to a dbus-broker, stop dbus-monitor from incorrectly
    replying to Peer method calls that were sent to the dbus-broker with
author	Simon McVittie <smcv@collabora.com>
	Wed, 8 Feb 2023 10:47:08 +0000 (10:47 +0000)
committer	Simon McVittie <smcv@collabora.com>
	Wed, 8 Feb 2023 12:04:12 +0000 (12:04 +0000)