From: Petr Špaček <pspacek@isc.org>
Date: Fri, 25 Feb 2022 14:14:23 +0000 (+0100)
Subject: Add Release Note for [GL #2950]
X-Git-Tag: v9.16.27~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0fc4b0bbc2364700c5d9a8640b683db92f4f739;p=thirdparty%2Fbind9.git

Add Release Note for [GL #2950]
---

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index d4649724e2e..3b0f2602fa7 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.16.27
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- The rules for acceptance of records into the cache have been tightened
+  to prevent the possibility of poisoning if forwarders send records
+  outside the configured bailiwick. (CVE-2021-25220)
+
+  ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from
+  Network and Information Security Lab, Tsinghua University, and
+  Changgen Zou from Qi An Xin Group Corp. for bringing this
+  vulnerability to our attention. :gl:`#2950`
 
 Known Issues
 ~~~~~~~~~~~~