From a2cda736e4763517c1eb35fa8d8cebc747e313a2 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Wed, 8 Feb 2023 10:47:08 +0000
Subject: [PATCH] NEWS: Add #421

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 NEWS | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 15d64778..dccf5239 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,16 @@
 dbus 1.14.6 (UNRELEASED)
 ========================
 
-Fixes:
+Denial of service fixes:
+
+• Fix an incorrect assertion that could be used to crash dbus-daemon or
+  other users of DBusServer prior to authentication, if libdbus was compiled
+  with assertions enabled.
+  We recommend that production builds of dbus, for example in OS distributions,
+  should be compiled with checks but without assertions.
+  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
+
+Other fixes:
 
 • When connected to a dbus-broker, stop dbus-monitor from incorrectly
   replying to Peer method calls that were sent to the dbus-broker with