From e8219ad8c859e9165c3970b934522c9177087c87 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 15 Mar 2023 17:41:59 +0000 Subject: Update NEWS Signed-off-by: Simon McVittie --- NEWS | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/NEWS b/NEWS index 5e73e648..8447389c 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,24 @@ +Changes in 1.15.4 +~~~~~~~~~~~~~~~~~ +Released: not yet + +Security fixes: + +* Escape special characters when displaying permissions and metadata, + preventing malicious apps from manipulating the appearance of the + permissions list using crafted metadata (CVE-2023-28101). + +* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), + don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). + Note that this is specific to virtual consoles: Flatpak is not + vulnerable to this if run from a graphical terminal emulator such as + xterm, gnome-terminal or Konsole. + +Other bug fixes: + +* Document the path used for `flatpak override` +* Translation updates: oc, pl, ru, sv, tr + Changes in 1.15.3 ~~~~~~~~~~~~~~~~~ Released: 2023-02-21 -- cgit v1.2.1
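Review bot: `Released: not yet` in the new 1.15.4 block is a placeholder and needs to be replaced with the actual date before the release is tagged, in the same form as the 1.15.3 entry just below it (`Released: 2023-02-21`). In the CVE-2023-28101 entry, "when displaying permissions and metadata" does not say which output is affected; naming the command or interface that prints the permissions list would let a reader judge whether they are exposed. The CVE-2023-28100 entry states the scope well (virtual consoles only, graphical terminal emulators not affected) and could use the same treatment for what "don't allow" means in practice for an app that issues the ioctl. Finally, "Document the path used for `flatpak override`" is listed under "Other bug fixes" but reads as a documentation change; consider a separate heading or a rewording that states what was wrong before.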