Add CHANGES and release notes for GL #2028

author Mark Andrews <marka@isc.org>

Wed, 15 Jul 2020 23:15:20 +0000 (09:15 +1000)

committer Michał Kępień <michal@isc.org>

Wed, 5 Aug 2020 11:01:12 +0000 (13:01 +0200)
author Mark Andrews <marka@isc.org>
Wed, 15 Jul 2020 23:15:20 +0000 (09:15 +1000)
committer Michał Kępień <michal@isc.org>
Wed, 5 Aug 2020 11:01:12 +0000 (13:01 +0200)
diff --git a/CHANGES b/CHANGES

index 50390bb0c0e253468f1c27f67746fe0cad2af606..7e243aafc9a1643c65175fc8089b6e24732c9dae 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5476.  [security]      It was possible to trigger an assertion failure when
+                       verifying the response to a TSIG-signed request.
+                       (CVE-2020-8622) [GL #2028]
+
  5474.  [bug]           dns_rdata_hip_next() failed to return ISC_R_NOMORE
                         when it should have. [GL !3880]
  
diff --git a/doc/arm/notes-9.11.22.xml b/doc/arm/notes-9.11.22.xml

index b867722d06869efabe1e8a6553b18af38dcc0a37..c11113318fce6925113913a2053316ab2cf42f85 100644 (file)
--- a/doc/arm/notes-9.11.22.xml
+++ b/doc/arm/notes-9.11.22.xml
@@ -15,7 +15,13 @@
      <itemizedlist>
        <listitem>
          <para>
-          None.
+          It was possible to trigger an assertion failure when verifying the
+          response to a TSIG-signed request. This was disclosed in
+          CVE-2020-8622.
+        </para>
+        <para>
+          ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham
+          of Oracle for bringing this vulnerability to our attention. [GL #2028]
          </para>
        </listitem>
      </itemizedlist>
author	Mark Andrews <marka@isc.org>
	Wed, 15 Jul 2020 23:15:20 +0000 (09:15 +1000)
committer	Michał Kępień <michal@isc.org>
	Wed, 5 Aug 2020 11:01:12 +0000 (13:01 +0200)
CHANGES		patch \| blob \| blame \| history
doc/arm/notes-9.11.22.xml		patch \| blob \| blame \| history