[#4142] Added Changelog entry

author Thomas Markwalder <tmark@isc.org>

Mon, 6 Oct 2025 13:54:45 +0000 (09:54 -0400)

committer Andrei Pavel <andrei@isc.org>

Mon, 27 Oct 2025 15:19:08 +0000 (17:19 +0200)
author Thomas Markwalder <tmark@isc.org>
Mon, 6 Oct 2025 13:54:45 +0000 (09:54 -0400)
committer Andrei Pavel <andrei@isc.org>
Mon, 27 Oct 2025 15:19:08 +0000 (17:19 +0200)
diff --git a/changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname b/changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname

new file mode 100644 (file)

index 0000000..1af77eb
--- /dev/null
+++ b/changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname
@@ -0,0 +1,6 @@
+[sec]          tmark
+       When a hostname or FQDN received from a client is
+       reduced to an empty string by hostname sanitiziing,
+       kea-dhcp4 and kea-dhcp6 will now drop the option.
+    CVE:2025-11232
+       (Gitlab #4142)
author	Thomas Markwalder <tmark@isc.org>
	Mon, 6 Oct 2025 13:54:45 +0000 (09:54 -0400)
committer	Andrei Pavel <andrei@isc.org>
	Mon, 27 Oct 2025 15:19:08 +0000 (17:19 +0200)