From: Evan Hunt <each@isc.org>
Date: Fri, 8 Nov 2019 02:38:00 +0000 (-0800)
Subject: CHANGES, release note.
X-Git-Tag: v9.15.6~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c54199fe1976aafed38bb464275307a43700441;p=thirdparty%2Fbind9.git

CHANGES, release note.
---

diff --git a/CHANGES b/CHANGES
index ad8d2940430..a5981b7862c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -62,7 +62,8 @@
 5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
 			Thanks to Tony Finch. [GL !2481]
 
-5306.	[placeholder]
+5306.	[security]	Set a limit on number of simultaneous pipelined TCP
+			queries. (CVE-2019-6477) [GL #1264]
 
 5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
 			disabled by default because it was found to have
diff --git a/doc/arm/notes-9.15.6.xml b/doc/arm/notes-9.15.6.xml
index b5c083af4b0..3d4678ab2fd 100644
--- a/doc/arm/notes-9.15.6.xml
+++ b/doc/arm/notes-9.15.6.xml
@@ -76,4 +76,17 @@
     </itemizedlist>
   </section>
 
+  <section xml:id="relnotes-9.15.6-security"><info><title>Security Fixes</title></info>
+    <itemizedlist>
+      <listitem>
+	<para>
+	  Too many simultaneous pipelined TCP queries could cause
+	  resource overuse. We now prevent this by enforcing a limit
+	  on the number of simultaneous requests per active connection.
+	  This flaw`is disclosed in CVE-2019-6477. [GL #1264]
+	</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
 </section>