From d6afbd6782cf41dd5193b3adaa382edd60cc9352 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 27 Jul 2021 18:02:03 -0700
Subject: [PATCH] Add CHANGES and release notes for [GL #2839]

---
 CHANGES                     | 4 +++-
 doc/notes/notes-current.rst | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 9707cda4196..56ab22d58ec 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
-5689.	[placeholder]
+5689.	[security]	An assertion failure occurred when rate-limiting
+			was applied to a UDP packet exceeding the link MTU
+			size. (CVE-2021-25218) [GL #2839]
 
 5688.	[bug]		Inline and dnssec-policy zones could fail to apply
 			changes from the unsigned zone to the signed zone
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index c6a5892d0ed..fb6b8ae3d6d 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,6 +20,10 @@ Security Fixes
   the opcode of those responses and rejecting the messages if they don't
   match the expected value. :gl:`#2762`
 
+- Fix an assertion failure that occured in ``named`` when attempting to send
+  a UDP packet exceeding the MTU size if rate-limiting was enabled.
+  (CVE-2021-25218) :gl:`#2839`
+
 Known Issues
 ~~~~~~~~~~~~
 
-- 
2.47.3