From: Mark Andrews <marka@isc.org>
Date: Tue, 20 Jun 2023 05:38:40 +0000 (+1000)
Subject: Add release note for [GL #4152]
X-Git-Tag: v9.19.17~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecd77e610bbbd9905bda1ebfe76eaf37d6c6f866;p=thirdparty%2Fbind9.git

Add release note for [GL #4152]
---

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 6b355503610..9cd2daac3ec 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,13 @@ Notes for BIND 9.19.17
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- Previously, sending a specially crafted message over the control
+  channel could cause the packet-parsing code to run out of available
+  stack memory, causing :iscman:`named` to terminate unexpectedly.
+  This has been fixed. (CVE-2023-3341)
+
+  ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for
+  bringing this vulnerability to our attention. :gl:`#4152`
 
 New Features
 ~~~~~~~~~~~~