Add CHANGES and release notes for [GL #2839]

author Evan Hunt <each@isc.org>

Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)

committer Michał Kępień <michal@isc.org>

Tue, 10 Aug 2021 10:18:35 +0000 (12:18 +0200)
author Evan Hunt <each@isc.org>
Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)
committer Michał Kępień <michal@isc.org>
Tue, 10 Aug 2021 10:18:35 +0000 (12:18 +0200)
diff --git a/CHANGES b/CHANGES

index 9707cda41963e5d137b2110749751da6692fe547..56ab22d58ec5c234bb7a8ddd2e892d278e70734f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
-5689.  [placeholder]
+5689.  [security]      An assertion failure occurred when rate-limiting
+                       was applied to a UDP packet exceeding the link MTU
+                       size. (CVE-2021-25218) [GL #2839]
  
  5688.  [bug]           Inline and dnssec-policy zones could fail to apply
                         changes from the unsigned zone to the signed zone
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index c6a5892d0ed3513d74d87486b2218e49bdc93e8c..fb6b8ae3d6d21b72cd6ffcd27d66d9a82b801171 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,6 +20,10 @@ Security Fixes
    the opcode of those responses and rejecting the messages if they don't
    match the expected value. :gl:`#2762`
  
+- Fix an assertion failure that occured in ``named`` when attempting to send
+  a UDP packet exceeding the MTU size if rate-limiting was enabled.
+  (CVE-2021-25218) :gl:`#2839`
+
  Known Issues
  ~~~~~~~~~~~~
author	Evan Hunt <each@isc.org>
	Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)
committer	Michał Kępień <michal@isc.org>
	Tue, 10 Aug 2021 10:18:35 +0000 (12:18 +0200)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history