Add release note for [GL #4152]

author Mark Andrews <marka@isc.org>

Tue, 20 Jun 2023 05:38:40 +0000 (15:38 +1000)

committer Michal Nowak <mnowak@isc.org>

Thu, 7 Sep 2023 17:54:20 +0000 (19:54 +0200)
author Mark Andrews <marka@isc.org>
Tue, 20 Jun 2023 05:38:40 +0000 (15:38 +1000)
committer Michal Nowak <mnowak@isc.org>
Thu, 7 Sep 2023 17:54:20 +0000 (19:54 +0200)
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 9caeadf29b42cf9eb05cf37ca21d0dd66314c0fe..a95c352a539cc3d97a9c3ab8a3ec1e179e91399e 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,13 @@ Notes for BIND 9.16.44
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- Previously, sending a specially crafted message over the control
+  channel could cause the packet-parsing code to run out of available
+  stack memory, causing :iscman:`named` to terminate unexpectedly.
+  This has been fixed. (CVE-2023-3341)
+
+  ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for
+  bringing this vulnerability to our attention. :gl:`#4152`
  
  New Features
  ~~~~~~~~~~~~
author	Mark Andrews <marka@isc.org>
	Tue, 20 Jun 2023 05:38:40 +0000 (15:38 +1000)
committer	Michal Nowak <mnowak@isc.org>
	Thu, 7 Sep 2023 17:54:20 +0000 (19:54 +0200)