add CVE-2017-3136 note

author Mark Andrews <marka@isc.org>

Wed, 15 Feb 2017 01:44:12 +0000 (12:44 +1100)

committer Mark Andrews <marka@isc.org>

Wed, 15 Feb 2017 01:45:30 +0000 (12:45 +1100)
author Mark Andrews <marka@isc.org>
Wed, 15 Feb 2017 01:44:12 +0000 (12:44 +1100)
committer Mark Andrews <marka@isc.org>
Wed, 15 Feb 2017 01:45:30 +0000 (12:45 +1100)
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml

index 3a7ece283812b44aca93573f99a3b053108ae4c5..c5c06abafd89a1f90b3240266051d77e1581ff77 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -93,6 +93,13 @@
  
    <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
      <itemizedlist>
+      <listitem>
+       <para>
+         <command>dns64</command> with <command>break-dnssec yes;</command>
+         can result in an assertion failure. This flaw is disclosed in
+         CVE-2017-3136.[RT #44653]
+       </para>
+      </listitem>
        <listitem>
         <para>
           If a server is configured with a response policy zone (RPZ)
author	Mark Andrews <marka@isc.org>
	Wed, 15 Feb 2017 01:44:12 +0000 (12:44 +1100)
committer	Mark Andrews <marka@isc.org>
	Wed, 15 Feb 2017 01:45:30 +0000 (12:45 +1100)