CHANGES, release note

(cherry picked from commit ab5473007e91f011d003ff0ba5ab32fa0d56360c)

diff --git a/CHANGES b/CHANGES
index 2fd7265a88e7a1e98ed3d2a90e9cb01b062a7c92..c05579199753af32f323683397462eee17efbcbc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 5201.  [bug]           Fix a possible deadlock in RPZ update code. [GL #973]
 
+5199.  [security]      In certain configurations, named could crash
+                       if nxdomain-redirect was in use and a redirected
+                       query resulted in an NXDOMAIN from the cache.
+                       (CVE-2019-6467) [GL #880]
+
 5198.  [bug]           If a fetch context was being shut down and, at the same
                        time, we returned from qname minimization, an INSIST
                        could be hit. [GL #966]

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 37ff53a7aca8130c480b574f05d66d1e4f52aaf2..225a68245e9b5b15e144e053dc069524b24a1cce 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -86,6 +86,19 @@
     </para>
   </section>
 
+  <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
+    <itemizedlist>
+      <listitem>
+        <para>
+         In certain configurations, <command>named</command> could crash
+         with an assertion failure if <command>nxdomain-redirect</command>
+         was in use and a redirected query resulted in an NXDOMAIN from the
+         cache. This flaw is disclosed in CVE-2019-6467. [GL #880]
+       </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
   <section xml:id="relnotes_features"><info><title>New Features</title></info>
     <itemizedlist>
       <listitem>