From: Mark Andrews <marka@isc.org>
Date: Wed, 15 Feb 2017 01:44:12 +0000 (+1100)
Subject: add CVE-2017-3136 note
X-Git-Tag: v9.11.1rc2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42f4ea63175156f3c5b7576fc21f26de0f8a0f1d;p=thirdparty%2Fbind9.git

add CVE-2017-3136 note

(cherry picked from commit d77eadc26113486f32fea25320ae4c6f1f2e7fb2)
---

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 3a7ece28381..c5c06abafd8 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -93,6 +93,13 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>dns64</command> with <command>break-dnssec yes;</command>
+	  can result in an assertion failure. This flaw is disclosed in
+	  CVE-2017-3136.[RT #44653]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  If a server is configured with a response policy zone (RPZ)