5821. [bug] Fix query context management issues in the TCP part
of dig. [GL #3184]
-5820. [placeholder]
+5820. [security] An assertion could occur in resume_dslookup() if the
+ fetch had been shut down earlier. (CVE-2022-0667)
+ [GL #3129]
5819. [security] Lookups involving a DNAME could trigger an INSIST when
"synth-from-dnssec" was enabled. (CVE-2022-0635)
ISC would like to thank Vincent Levigneron from AFNIC for bringing
this vulnerability to our attention. :gl:`#3158`
+- When chasing DS records, a timed-out or artificially delayed fetch
+ could cause ``named`` to crash while resuming a DS lookup.
+ (CVE-2022-0667) :gl:`#3129`
+
Known Issues
~~~~~~~~~~~~