add CVE-2015-5477

diff --git a/README b/README
index 21817d32e80595a535a1b935f91f4970e2ad721a..d3df48d3130f3293963d23f6d207bf433f9161c7 100644 (file)
--- a/README
+++ b/README
@@ -51,6 +51,11 @@ BIND 9
        For up-to-date release notes and errata, see
        http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.9.8
+
+       BIND 9.9.8 is a maintenance release and addresses bugs
+       found in BIND 9.9.7 and earlier, as well as the security
+       flaws described in CVE-2015-4620 and CVE-2015-5477.
 
 BIND 9.9.7
 

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 5b66d1bc9690fa93fac64e3df905a80d42d8860b..5eaa5053e0f1d29a32e46140e5b08c5c1e637c33 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -38,6 +38,16 @@
   <sect2 id="relnotes_security">
     <title>Security Fixes</title>
     <itemizedlist>
+      <listitem>
+       <para>
+         A specially crafted query could trigger an assertion failure
+         in message.c.
+       </para>
+       <para>
+         This flaw was discovered by Jonathan Foote, and is disclosed
+         in CVE-2015-5477. [RT #39795]
+       </para>
+      </listitem>
       <listitem>
        <para>
          On servers configured to perform DNSSEC validation, an
@@ -70,7 +80,7 @@
          them in the build.
        </para>
        <itemizedlist>
-          <listitem>
+         <listitem>
            <para>
              <option>fetches-per-server</option> limits the number of
              simultaneous queries that can be sent to any single
@@ -81,7 +91,7 @@
              <option>fetch-quota-params</option> option.
            </para>
          </listitem>
-          <listitem>
+         <listitem>
            <para>
              <option>fetches-per-zone</option> limits the number of
              simultaneous queries that can be sent for names within a