From: Evan Hunt <each@isc.org>
Date: Wed, 28 Jul 2021 01:02:03 +0000 (-0700)
Subject: Add CHANGES and release notes for [GL #2839]
X-Git-Tag: v9.17.17~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6afbd6782cf41dd5193b3adaa382edd60cc9352;p=thirdparty%2Fbind9.git

Add CHANGES and release notes for [GL #2839]
---

diff --git a/CHANGES b/CHANGES
index 9707cda4196..56ab22d58ec 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
-5689.	[placeholder]
+5689.	[security]	An assertion failure occurred when rate-limiting
+			was applied to a UDP packet exceeding the link MTU
+			size. (CVE-2021-25218) [GL #2839]
 
 5688.	[bug]		Inline and dnssec-policy zones could fail to apply
 			changes from the unsigned zone to the signed zone
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index c6a5892d0ed..fb6b8ae3d6d 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,6 +20,10 @@ Security Fixes
   the opcode of those responses and rejecting the messages if they don't
   match the expected value. :gl:`#2762`
 
+- Fix an assertion failure that occured in ``named`` when attempting to send
+  a UDP packet exceeding the MTU size if rate-limiting was enabled.
+  (CVE-2021-25218) :gl:`#2839`
+
 Known Issues
 ~~~~~~~~~~~~