From: Evan Hunt <each@isc.org>
Date: Mon, 21 May 2018 16:51:20 +0000 (-0700)
Subject: update CHANGES
X-Git-Tag: v9.13.0~7^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b67376e420c4fd239dd983c77b231729e241ce2;p=thirdparty%2Fbind9.git

update CHANGES
---

diff --git a/CHANGES b/CHANGES
index dd038c4fd82..61ca53953f4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -49,7 +49,10 @@
 4935.	[func]		Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
 			call were added). [GL #191]
 
-4934.	[placeholder]
+4934.	[security]	Simultaneous use of stale cache records and NSEC
+			aggressive negative caching could trigger a recursion
+			loop. (CVE-2018-5737) [GL #185]
+
 
 4933.	[bug]		Not creating signing keys for an inline signed zone
 			prevented changes applied to the raw zone from being
@@ -121,10 +124,10 @@
 			like dig without IDN support.  libidn2 version 2.0
 			or higher is needed for +idnout enabled by default.
 
-4914.	[bug]		A bug in zone database reference counting could lead to
+4914.	[security]	A bug in zone database reference counting could lead to
 			a crash when multiple versions of a slave zone were
 			transferred from a master in close succession.
-			[GL #134]
+			(CVE-2018-5736) [GL #134]
 
 4913.	[test]		Re-implemented older unit tests in bin/tests as ATF,
 			removed the lib/tests unit testing library. [GL #115]