3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
- when serving NSEC3 signed zones. [RT #35120]
+ when serving NSEC3 signed zones (CVE-2014-0591).
+ [RT #35120]
3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
was no data at the node. [RT #35080]
3657. [port] Some readline clones don't accept NULL pointers when
calling add_history. [RT #34842]
-3656. [bug] Treat an all zero netmask as invalid when generating
- the localnets acl. [RT #34687]
+3656. [security] Treat an all zero netmask as invalid when generating
+ the localnets acl. (The prior behavior could
+ allow unexpected matches when using some versions
+ of Winsock: CVE-2013-6320.) [RT #34687]
3655. [cleanup] Simplify TCP message processing when requesting a
zone transfer. [RT #34825]