diff --git a/UPDATING b/UPDATING index 5539368e5a..b936517ffd 100644 --- a/UPDATING +++ b/UPDATING @@ -1,5 +1,17 @@ Updating Information for MidnightBSD users. +20240701: + OpenSSH security vulnerability + + A signal handler in sshd(8) calls a function that is not async-signal-safe. + The signal handler is invoked when a client does not authenticate within the + LoginGraceTime seconds (120 by default). This signal handler executes in the + context of the sshd(8)'s privileged code, which is not sandboxed and runs + with full root privileges. + + This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd + and accidentally reintroduced in OpenSSH 8.5p1. + 20240519: Stable branch 3.2 created. Continuing development of current
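Review bot: The new 20240701 entry explains the sshd(8) signal handler flaw but ends without telling the reader what to do, and UPDATING is where users look for upgrade actions. Add a closing sentence stating which branch or release carries the fix, which OpenSSH version it brings in, and that sshd must be restarted after updating. The text says the regression was introduced in OpenSSH 8.5p1 but not where it ends. The entry also cites only CVE-2006-5051, the original report; include the identifier assigned to the present issue so users can match this entry to advisories and scanner output. Wording nits: "the context of the sshd(8)'s privileged code" should read "the context of sshd(8)'s privileged code", and "within the LoginGraceTime seconds" reads better as "within LoginGraceTime seconds".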