From: Doug Freed <dwfreed@mtu.edu>
Date: Mon, 13 May 2024 21:26:58 +0000 (-0500)
Subject: Fix formatting of PowerDNS SA 2024-03
X-Git-Tag: rec-5.1.0-alpha1~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68b48c4cc2c88ee34ca9e604f5d169c077f9a05f;p=thirdparty%2Fpdns.git

Fix formatting of PowerDNS SA 2024-03

Add a newline so that the list of workarounds actually becomes a list.
---

diff --git a/pdns/dnsdistdist/docs/security-advisories/powerdns-advisory-for-dnsdist-2024-03.rst b/pdns/dnsdistdist/docs/security-advisories/powerdns-advisory-for-dnsdist-2024-03.rst
index a477121392..fdd77ca072 100644
--- a/pdns/dnsdistdist/docs/security-advisories/powerdns-advisory-for-dnsdist-2024-03.rst
+++ b/pdns/dnsdistdist/docs/security-advisories/powerdns-advisory-for-dnsdist-2024-03.rst
@@ -19,6 +19,7 @@ DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53
 `CVSS Score: 7.5 <https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1>`__, only for configurations where incoming DoH is enabled and a TCP-only/DoT backend is enabled.
 
 Two workarounds are available:
+
 - refuse incoming XFR requests via a DNSdist rule: ``addAction(OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), RCodeAction(DNSRCode.REFUSED))``
 - switch to the legacy h2o provider by setting ``library='h2o'`` in the ``addDOHLocal`` directive