]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Add CHANGES and release note for [GL #3158]
authorMark Andrews <marka@isc.org>
Wed, 16 Feb 2022 08:30:19 +0000 (19:30 +1100)
committerMichał Kępień <michal@isc.org>
Wed, 16 Mar 2022 21:11:49 +0000 (22:11 +0100)
CHANGES
doc/notes/notes-current.rst

diff --git a/CHANGES b/CHANGES
index f95a93b0f80776da69b3026f47d2e51fa9728fb7..39e5edf8bf549f04569bad0687ec5f1f33c80dde 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -37,7 +37,9 @@
 
 5820.  [placeholder]
 
-5819.  [placeholder]
+5819.  [security]      Lookups involving a DNAME could trigger an INSIST when
+                       "synth-from-dnssec" was enabled. (CVE-2022-0635)
+                       [GL #3158]
 
 5818.  [security]      A synchronous call to closehandle_cb() caused
                        isc__nm_process_sock_buffer() to be called recursively,
index 55a69b56f646245862342b3d6e636a4f3c12d97d..3844fc0124c65860048feb8955cdf2156185007c 100644 (file)
@@ -28,6 +28,12 @@ Security Fixes
   TCP sockets in the ``CLOSE_WAIT`` state when the client did not
   properly shut down the connection. (CVE-2022-0396) :gl:`#3112`
 
+- Lookups involving a DNAME could trigger an assertion failure when
+  ``synth-from-dnssec`` was enabled (which is the default).
+  (CVE-2022-0635)
+
+  ISC would like to thank Vincent Levigneron from AFNIC for bringing
+  this vulnerability to our attention. :gl:`#3158`
 
 Known Issues
 ~~~~~~~~~~~~