CHANGES, release note.

author Evan Hunt <each@isc.org>

Fri, 8 Nov 2019 02:38:00 +0000 (18:38 -0800)

committer Evan Hunt <each@isc.org>

Mon, 18 Nov 2019 02:59:40 +0000 (18:59 -0800)
author Evan Hunt <each@isc.org>
Fri, 8 Nov 2019 02:38:00 +0000 (18:38 -0800)
committer Evan Hunt <each@isc.org>
Mon, 18 Nov 2019 02:59:40 +0000 (18:59 -0800)
diff --git a/CHANGES b/CHANGES

index ad8d29404301c9f5ff23277f8cc56b2c6b4a8963..a5981b7862cfe0a88456eafad67f9bdca99c93a7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -62,7 +62,8 @@
  5307.  [bug]           Fix hang when named-compilezone output is sent to pipe.
                         Thanks to Tony Finch. [GL !2481]
  
-5306.  [placeholder]
+5306.  [security]      Set a limit on number of simultaneous pipelined TCP
+                       queries. (CVE-2019-6477) [GL #1264]
  
  5305.  [bug]           NSEC Aggressive Cache ("synth-from-dnssec") has been
                         disabled by default because it was found to have
diff --git a/doc/arm/notes-9.15.6.xml b/doc/arm/notes-9.15.6.xml

index b5c083af4b0883097ac9bf10be4a971d693b4ef1..3d4678ab2fd3e59631f39a106c1d0cf44055d0c0 100644 (file)
--- a/doc/arm/notes-9.15.6.xml
+++ b/doc/arm/notes-9.15.6.xml
@@ -76,4 +76,17 @@
      </itemizedlist>
    </section>
  
+  <section xml:id="relnotes-9.15.6-security"><info><title>Security Fixes</title></info>
+    <itemizedlist>
+      <listitem>
+       <para>
+         Too many simultaneous pipelined TCP queries could cause
+         resource overuse. We now prevent this by enforcing a limit
+         on the number of simultaneous requests per active connection.
+         This flaw`is disclosed in CVE-2019-6477. [GL #1264]
+       </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
  </section>
author	Evan Hunt <each@isc.org>
	Fri, 8 Nov 2019 02:38:00 +0000 (18:38 -0800)
committer	Evan Hunt <each@isc.org>
	Mon, 18 Nov 2019 02:59:40 +0000 (18:59 -0800)
CHANGES		patch \| blob \| blame \| history
doc/arm/notes-9.15.6.xml		patch \| blob \| blame \| history