From: Mark Andrews <marka@isc.org>
Date: Wed, 6 Feb 2019 19:36:20 +0000 (-0800)
Subject: add CHANGES and release notes entries
X-Git-Tag: v9.12.4rc1~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2656ad4bde9a9c405cdea3485c672e3c0f8d6571;p=thirdparty%2Fbind9.git

add CHANGES and release notes entries

(cherry picked from commit 354ad18a12e84e5c660ce8e08e56382e529d8b2c)
---

diff --git a/CHANGES b/CHANGES
index deece4bf083..271e783f5d0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -40,6 +40,10 @@
 5143.	[bug]		dnssec-keymgr and dnssec-coverage failed to find
 			key files for zone names ending in ".". [GL #560]
 
+5141.	[security]	Zone transfer controls for writable DLZ zones were
+			not effective as the allowzonexfr method was not being
+			called for such zones. (CVE-2019-6465) [GL #790]
+
 5140.	[bug]		Don't immediately mark existing keys as inactive and
 			deleted when running dnssec-keymgr for the first
 			time. [GL #117]
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index d210b7088fe..0de05e397b4 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -105,6 +105,14 @@
 	  [GL #772]
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  Zone transfer controls for writable DLZ zones were not
+	  effective as the <command>allowzonexfr</command> method was
+	  not being called for such zones. This flaw is disclosed in
+	  CVE-2019-6465. [GL #790]
+	</para>
+      </listitem>
     </itemizedlist>
   </section>