From: Ondřej Surý Date: Fri, 31 Jul 2020 07:39:46 +0000 (+0200) Subject: Add CHANGES and release note for GL #1996 X-Git-Tag: v9.17.4~10^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f2b41e11b4fda394131635bf58bc575b56e5512f;p=thirdparty%2Fbind9.git Add CHANGES and release note for GL #1996 --- diff --git a/CHANGES b/CHANGES index b01a399729a..855a42e48b2 100644 --- a/CHANGES +++ b/CHANGES @@ -18,7 +18,9 @@ 5479. [placeholder] -5478. [placeholder] +5478. [security] It was possible to trigger an assertion failure by + sending a specially crafted large TCP DNS message. + (CVE-2020-8620) [GL #1996] 5477. [bug] The idle timeout for connected TCP sockets is now derived from the client query processing timeout diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 3ee01476ab5..0b210895086 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -14,7 +14,11 @@ Notes for BIND 9.17.4 Security Fixes ~~~~~~~~~~~~~~ -- None. +- It was possible to trigger an assertion failure by sending a specially + crafted large TCP DNS message. This was disclosed in CVE-2020-8620. + + ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for + bringing this vulnerability to our attention. [GL #1996] Known Issues ~~~~~~~~~~~~