Add CHANGES and release notes for [GL #2839]

author Evan Hunt <each@isc.org>

Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)

committer Michał Kępień <michal@isc.org>

Thu, 19 Aug 2021 05:12:33 +0000 (07:12 +0200)
author Evan Hunt <each@isc.org>
Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)
committer Michał Kępień <michal@isc.org>
Thu, 19 Aug 2021 05:12:33 +0000 (07:12 +0200)
diff --git a/CHANGES b/CHANGES

index 031208f2ff41219f9858b5db41d7a5c2d7ca083d..3ae10f17e23c3884cdd60b37c36ee0da0d66c964 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -29,7 +29,9 @@
                         predecessor key that does not need to be refreshed.
                         [GL #1551]
  
-5689.  [placeholder]
+5689.  [security]      An assertion failure occurred when rate-limiting
+                       was applied to a UDP packet exceeding the link MTU
+                       size. (CVE-2021-25218) [GL #2839]
  
  5688.  [bug]           Inline and dnssec-policy zones could fail to apply
                         changes from the unsigned zone to the signed zone
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index e17d4ebb8c6ac884362435ded5e2603a83ae5562..38ae03840085c06e9ea97ccbbf8677f6b5a02b82 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,6 +20,10 @@ Security Fixes
    the opcode of those responses and rejecting the messages if they don't
    match the expected value. :gl:`#2762`
  
+- Fix an assertion failure that occured in ``named`` when attempting to send
+  a UDP packet exceeding the MTU size if rate-limiting was enabled.
+  (CVE-2021-25218) :gl:`#2839`
+
  Known Issues
  ~~~~~~~~~~~~
author	Evan Hunt <each@isc.org>
	Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)
committer	Michał Kępień <michal@isc.org>
	Thu, 19 Aug 2021 05:12:33 +0000 (07:12 +0200)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history