From: Ondřej Surý Date: Tue, 22 Jun 2021 10:33:50 +0000 (+0200) Subject: Add CHANGES and release notes for [GL #2787] X-Git-Tag: v9.17.16~25^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dd0e3b021322bae4aba621f05b1c0ffbb17df2c2;p=thirdparty%2Fbind9.git Add CHANGES and release notes for [GL #2787] --- diff --git a/CHANGES b/CHANGES index 5a036e684b3..fae091bf04b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5663. [bug] Properly handle non-zero OPCODEs when receiving the + queries over DoT and DoH channels. [GL #2787] + 5662. [bug] Views with recursion disabled are now configured with a default cache size of 2 MB, unless "max-cache-size" is explicitly set. This prevents cache RBT hash tables from diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 6e46da2b396..ced974c1f03 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -14,7 +14,11 @@ Notes for BIND 9.17.15 Security Fixes ~~~~~~~~~~~~~~ -- None. +- Sending non-zero opcode via DoT or DoH channels would trigger an assertion + failure in ``named``. This has been fixed. + + ISC would like to thank Ville Heikkila of Synopsys Cybersecurity Research + Center for responsibly disclosing the vulnerability to us. :gl:`#2787` Known Issues ~~~~~~~~~~~~ @@ -58,4 +62,4 @@ Bug Fixes - A deadlock at startup was introduced when fixing :gl:`#1875` because when locking key files for reading and writing, "in-view" logic was not taken into - account. This has been fixed. [GL #2783] + account. This has been fixed. :gl:`#2783`