From: Michał Kępień <michal@isc.org>
Date: Thu, 26 Feb 2026 20:17:47 +0000 (+0100)
Subject: Reorder release notes
X-Git-Tag: v9.21.19~1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=205c35b9cdc29ec46c4bfa71e54e26711ec0af2b;p=thirdparty%2Fbind9.git

Reorder release notes
---

diff --git a/doc/notes/notes-9.21.19.rst b/doc/notes/notes-9.21.19.rst
index 436f727475e..30dc4a57538 100644
--- a/doc/notes/notes-9.21.19.rst
+++ b/doc/notes/notes-9.21.19.rst
@@ -15,6 +15,24 @@ Notes for BIND 9.21.19
 Security Fixes
 ~~~~~~~~~~~~~~
 
+- Fix a use-after-free error in ``dns_client_resolve()`` triggered by a
+  DNAME response.
+
+  This issue only affected the :iscman:`delv` tool and it has now been
+  fixed.
+
+  ISC would like to thank Vitaly Simonovich for bringing this
+  vulnerability to our attention. :gl:`#5728`
+
+- Fix a NULL pointer dereference in qp-trie cache code.
+
+  When ``RRSIG(rdtype)`` was independently cached before the RDATA for
+  the ``rdtype`` itself, :iscman:`named` would crash on the subsequent
+  query for the RDATA itself. This has been fixed.
+
+  ISC would like to thank Vitaly Simonovich for bringing this
+  vulnerability to our attention. :gl:`#5738`
+
 - Immediately remove purged ADB names and entries from the SIEVE list.
 
   Under certain circumstances, the ADB could double-count purged
@@ -62,24 +80,6 @@ Bug Fixes
 
 - Fix dnstap logging of forwarded queries. :gl:`#5724`
 
-- Fix a use-after-free error in ``dns_client_resolve()`` triggered by a
-  DNAME response.
-
-  This issue only affected the :iscman:`delv` tool and it has now been
-  fixed.
-
-  ISC would like to thank Vitaly Simonovich for bringing this
-  vulnerability to our attention. :gl:`#5728`
-
-- Fix a NULL pointer dereference in qp-trie cache code.
-
-  When ``RRSIG(rdtype)`` was independently cached before the RDATA for
-  the ``rdtype`` itself, :iscman:`named` would crash on the subsequent
-  query for the RDATA itself. This has been fixed.
-
-  ISC would like to thank Vitaly Simonovich for bringing this
-  vulnerability to our attention. :gl:`#5738`
-
 - A stale answer could have been served in case of multiple upstream
   failures when following CNAME chains. This has been fixed. :gl:`#5751`