NEWS: Add #421

Signed-off-by: Simon McVittie <smcv@collabora.com>
author: Simon McVittie <smcv@collabora.com> 2023-02-08 10:47:08 +0000
committer: Simon McVittie <smcv@collabora.com> 2023-02-08 12:03:30 +0000
commit: 50852eb085e4e5a88f5c647905c293cdfba33580 (patch)
tree: 4add4f60471f41cc44efa744d29af3f14d249d26
parent: 8d54aa2ffd74c0ced1b180d162abd749458ace32 (diff)
download: dbus-50852eb085e4e5a88f5c647905c293cdfba33580.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b144a818..31da9e34 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,15 @@ New features:
   strongly recommended. See test/use-as-subproject for sample code.
   (dbus!368, dbus!388; Daniel Wagner)
 
+Denial of service fixes:
+
+• Fix an incorrect assertion that could be used to crash dbus-daemon or
+  other users of DBusServer prior to authentication, if libdbus was compiled
+  with assertions enabled.
+  We recommend that production builds of dbus, for example in OS distributions,
+  should be compiled with checks but without assertions.
+  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
+
 Fixes:
 
 • When connected to a dbus-broker, stop dbus-monitor from incorrectly
author	Simon McVittie <smcv@collabora.com>	2023-02-08 10:47:08 +0000
committer	Simon McVittie <smcv@collabora.com>	2023-02-08 12:03:30 +0000
commit	50852eb085e4e5a88f5c647905c293cdfba33580 (patch)
tree	4add4f60471f41cc44efa744d29af3f14d249d26
parent	8d54aa2ffd74c0ced1b180d162abd749458ace32 (diff)
download	dbus-50852eb085e4e5a88f5c647905c293cdfba33580.tar.gz