Add CHANGES entry for [GL #2467]

author Mark Andrews <marka@isc.org>

Wed, 3 Feb 2021 00:19:43 +0000 (11:19 +1100)

committer Michał Kępień <michal@isc.org>

Thu, 8 Apr 2021 11:16:15 +0000 (13:16 +0200)
author Mark Andrews <marka@isc.org>
Wed, 3 Feb 2021 00:19:43 +0000 (11:19 +1100)
committer Michał Kępień <michal@isc.org>
Thu, 8 Apr 2021 11:16:15 +0000 (13:16 +0200)
diff --git a/CHANGES b/CHANGES

index a7acefc77da9cb5ecb2eb01b7c0d140ece952bd5..fd1f453337477f201041e33080d23af71b7dbd48 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,12 @@
  
  5616.  [placeholder]
  
-5615.  [placeholder]
+5615.  [security]      Insufficient IXFR checks could result in named serving a
+                       zone without an SOA record at the apex, leading to a
+                       RUNTIME_CHECK assertion failure when the zone was
+                       subsequently refreshed. This has been fixed by adding an
+                       owner name check for all SOA records which are included
+                       in a zone transfer. (CVE-2021-25214) [GL #2467]
  
  5614.  [bug]           Ensure all resources are properly cleaned up when a call
                         to gss_accept_sec_context() fails. [GL #2620]
author	Mark Andrews <marka@isc.org>
	Wed, 3 Feb 2021 00:19:43 +0000 (11:19 +1100)
committer	Michał Kępień <michal@isc.org>
	Thu, 8 Apr 2021 11:16:15 +0000 (13:16 +0200)