From: Ondřej Surý <ondrej@isc.org>
Date: Fri, 19 Jan 2024 20:11:32 +0000 (+0100)
Subject: Add CHANGES and release note for [GL #4481]
X-Git-Tag: v9.20.0~9^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1002f920f6385196a1cc480bdbf9838418754ca7;p=thirdparty%2Fbind9.git

Add CHANGES and release note for [GL #4481]
---

diff --git a/CHANGES b/CHANGES
index 7f5b381442f..3165203b82a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+6399.	[security]	Malicious DNS client that sends many queries over
+			TCP but never reads responses can cause server to
+			respond slowly or not respond at all for other
+			clients. (CVE-2024-0760) [GL #4481]
+
 6398.	[bug]		Fix potential data races in our DoH implementation
 			related to HTTP/2 session object management and
 			endpoints set object management after reconfiguration.
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 4a3db14ed4c..1cda5eeab38 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,9 @@ Notes for BIND 9.19.25
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- Malicious DNS client that sends many queries over TCP but never reads
+  responses can cause server to respond slowly or not respond at all for other
+  clients. :cve:`2024-0760` :gl:`#4481`
 
 New Features
 ~~~~~~~~~~~~