]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
[master] add CVE details; marked 3656 as [security]
authorEvan Hunt <each@isc.org>
Mon, 13 Jan 2014 22:51:07 +0000 (14:51 -0800)
committerEvan Hunt <each@isc.org>
Mon, 13 Jan 2014 22:54:12 +0000 (14:54 -0800)
CHANGES

diff --git a/CHANGES b/CHANGES
index fccec231a63f18c5681d2b9c0872f69f82e11de1..66cba77f0a3072375ca7f5d04b1f7916d790ec57 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -39,7 +39,8 @@
 3693.  [security]      memcpy was incorrectly called with overlapping
                        ranges resulting in malformed names being generated
                        on some platforms.  This could cause INSIST failures
-                       when serving NSEC3 signed zones.  [RT #35120]
+                       when serving NSEC3 signed zones (CVE-2014-0591).
+                       [RT #35120]
 
 3692.  [bug]           Two calls to dns_db_getoriginnode were fatal if there
                        was no data at the node. [RT #35080]
 3657.  [port]          Some readline clones don't accept NULL pointers when
                        calling add_history. [RT #34842]
 
-3656.  [bug]           Treat an all zero netmask as invalid when generating
-                       the localnets acl. [RT #34687]
+3656.  [security]      Treat an all zero netmask as invalid when generating
+                       the localnets acl. (The prior behavior could
+                       allow unexpected matches when using some versions
+                       of Winsock: CVE-2013-6320.) [RT #34687]
 
 3655.  [cleanup]       Simplify TCP message processing when requesting a
                        zone transfer.  [RT #34825]