From: Mark Andrews <marka@isc.org>
Date: Tue, 31 Mar 2020 06:22:15 +0000 (+1100)
Subject: Add release notes entry
X-Git-Tag: v9.14.12~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0970157328239c515dac200d8c4840c557b8060;p=thirdparty%2Fbind9.git

Add release notes entry
---

diff --git a/doc/arm/notes-9.14.12.xml b/doc/arm/notes-9.14.12.xml
index 47b919e0efc..42761216b81 100644
--- a/doc/arm/notes-9.14.12.xml
+++ b/doc/arm/notes-9.14.12.xml
@@ -13,6 +13,17 @@
 
   <section xml:id="relnotes-9.14.12-security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+        <para>
+          To prevent exhaustion of server resources by a maliciously configured
+          domain, the number of recursive queries that can be triggered by a
+          request before aborting recursion has been further limited. Root and
+          top-level domain servers are no longer exempt from the
+          <command>max-recursion-queries</command> limit. Fetches for missing
+          name server address records are limited to 4 for any domain. This
+          issue was disclosed in CVE-2020-8616. [GL #1388]
+        </para>
+      </listitem>
       <listitem>
         <para>
           Replaying a TSIG BADTIME response as a request could