From: Evan Hunt <each@isc.org>
Date: Fri, 20 Sep 2019 00:51:51 +0000 (-0700)
Subject: CHANGES, release note
X-Git-Tag: v9.14.7~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8af8d626d37c9ef7533e5fdf67ac5d4290407587;p=thirdparty%2Fbind9.git

CHANGES, release note

(cherry picked from commit 03278d606285fe56f241aa6308c579b8f5d934aa)
---

diff --git a/CHANGES b/CHANGES
index e9c8fe1025f..12a1d8a54e8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5299.	[security]	A flaw in DNSSEC verification when transferring
+			mirror zones could allow data to be incorrectly
+			marked valid. (CVE-2019-6475) [GL #16P]
+
 5298.	[security]	Named could assert if a forwarder returned a
 			referral, rather than resolving the query, when QNAME
 			minimization was enabled. (CVE-2019-6476) [GL #1051]
diff --git a/doc/arm/notes-sec-fixes.xml b/doc/arm/notes-sec-fixes.xml
index 3e718fa2fc8..14b960aebdd 100644
--- a/doc/arm/notes-sec-fixes.xml
+++ b/doc/arm/notes-sec-fixes.xml
@@ -26,5 +26,12 @@
 	disclosed in CVE-2019-6476. [GL #1501]
       </para>
     </listitem>
+    <listitem>
+      <para>
+	A flaw in DNSSEC verification when transferring mirror zones
+	could allow data to be incorrectly marked valid. This flaw
+	is disclosed in CVE-2019-6475. [GL #16P]
+      </para>
+    </listitem>
   </itemizedlist>
 </section>