From: Michał Kępień <michal@isc.org>
Date: Wed, 14 Feb 2024 13:49:49 +0000 (+0100)
Subject: Mention CVE-2023-50868 in CHANGES entry 6322
X-Git-Tag: v9.19.22~35^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2fd20bbaf5832963bf7e92b58f986d33590d1405;p=thirdparty%2Fbind9.git

Mention CVE-2023-50868 in CHANGES entry 6322

Since CVE-2023-50868 does not have a dedicated fix in BIND 9, mention
its CVE identifier in the CHANGES entry for CVE-2023-50387 (KeyTrap),
which accompanied the code change that addresses both of these
vulnerabilities.
---

diff --git a/CHANGES b/CHANGES
index 8dcb70e0e07..8498e65a830 100644
--- a/CHANGES
+++ b/CHANGES
@@ -85,6 +85,10 @@
 			condition due to DNS validation taking a long time.
 			(CVE-2023-50387) [GL #4424]
 
+			The same code change also addresses another problem:
+			preparing NSEC3 closest encloser proofs could exhaust
+			available CPU resources. (CVE-2023-50868) [GL #4459]
+
 6321.	[security]	Change 6315 inadvertently introduced regressions that
 			could cause named to crash. [GL #4234]