From: Evan Hunt <each@isc.org>
Date: Fri, 20 Sep 2019 00:51:51 +0000 (-0700)
Subject: CHANGES, release note
X-Git-Tag: v9.15.5~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03278d606285fe56f241aa6308c579b8f5d934aa;p=thirdparty%2Fbind9.git

CHANGES, release note
---

diff --git a/CHANGES b/CHANGES
index 250df8baf08..0e582e6c511 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
-5299.	[placeholder]
+5299.	[security]	A flaw in DNSSEC verification when transferring
+			mirror zones could allow data to be incorrectly
+			marked valid. (CVE-2019-6475) [GL #16P]
 
 5298.	[security]	Named could assert if a forwarder returned a
 			referral, rather than resolving the query, when QNAME
diff --git a/doc/arm/notes-sec-fixes.xml b/doc/arm/notes-sec-fixes.xml
index 1ad79bdf1e8..67a60146a41 100644
--- a/doc/arm/notes-sec-fixes.xml
+++ b/doc/arm/notes-sec-fixes.xml
@@ -42,5 +42,12 @@
 	disclosed in CVE-2019-6476. [GL #1501]
       </para>
     </listitem>
+    <listitem>
+      <para>
+	A flaw in DNSSEC verification when transferring mirror zones
+	could allow data to be incorrectly marked valid. This flaw
+	is disclosed in CVE-2019-6475. [GL #16P]
+      </para>
+    </listitem>
   </itemizedlist>
 </section>