CHANGES, release note

(cherry picked from commit 332af50eed96cbcb20173f297e543adaded0ed92)

diff --git a/CHANGES b/CHANGES
index 37f40ec00649bf5fb526949721d85de25b6e84d8..24f816c8b818ac7a48a09ade8bc7ddaa7ea7b52b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+5244.  [security]      Fixed a race condition in dns_dispatch_getnext()
+                       that could cause an assertion failure if a
+                       significant number of incoming packets were
+                       rejected. (CVE-2019-6471) [GL #942]
+
 5243.  [bug]           Fix a possible race between dispatcher and socket
                        code in a high-load cold-cache resolver scenario.
                        [GL #943]

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index eb29b4747fd1b73b4c403734ea940afda9208876..70416a65d763ab2536aeac72dde5ec9d13778ba8 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -99,7 +99,15 @@
        <para>
          The TCP client quota set using the <command>tcp-clients</command>
          option could be exceeded in some cases. This could lead to
-         exhaustion of file descriptors. (CVE-2018-5743) [GL #615]
+         exhaustion of file descriptors. This flaw is disclosed in
+         CVE-2018-5743. [GL #615]
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+         A race condition could trigger an assertion failure when
+         a large number of incoming packets were being rejected.
+         This flaw is disclosed in CVE-2019-6471. [GL #942]
        </para>
       </listitem>
     </itemizedlist>