From: Mark Andrews Date: Wed, 15 Jul 2020 23:15:20 +0000 (+1000) Subject: Add CHANGES and release notes for GL #2028 X-Git-Tag: v9.17.4~8^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e576baad9d7e545160fb15b052ab1699775dead8;p=thirdparty%2Fbind9.git Add CHANGES and release notes for GL #2028 --- diff --git a/CHANGES b/CHANGES index 902e52fbd81..cabd1eac716 100644 --- a/CHANGES +++ b/CHANGES @@ -28,7 +28,9 @@ derived from the client query processing timeout configured for a resolver. [GL #2024] -5476. [placeholder] +5476. [security] It was possible to trigger an assertion failure when + verifying the response to a TSIG-signed request. + (CVE-2020-8622) [GL #2028] 5475. [bug] Fix RPZ wildcard passthru ignored when a rejection would overwrite a passthru action matching some diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 7fc7d91bd8e..f5fdc44bee3 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -29,6 +29,13 @@ Security Fixes ISC would like to thank Joseph Gullo for bringing this vulnerability to our attention. [GL #1997] +- It was possible to trigger an assertion failure when verifying the + response to a TSIG-signed request. This was disclosed in + CVE-2020-8622. + + ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham + of Oracle for bringing this vulnerability to our attention. [GL #2028] + Known Issues ~~~~~~~~~~~~