configuration included the "tkey-gssapi-credential"
option. This has been fixed. [GL #2634]
+5615. [security] Insufficient IXFR checks could result in named serving a
+ zone without an SOA record at the apex, leading to a
+ RUNTIME_CHECK assertion failure when the zone was
+ subsequently refreshed. This has been fixed by adding an
+ owner name check for all SOA records which are included
+ in a zone transfer. (CVE-2021-25214) [GL #2467]
+
5614. [bug] Ensure all resources are properly cleaned up when a call
to gss_accept_sec_context() fails. [GL #2620]
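Review bot: The 5615 entry is ambiguous about scope. It opens with "Insufficient IXFR checks" but describes the fix as an owner name check for "all SOA records which are included in a zone transfer", so a reader cannot tell whether the check applies to IXFR only or to AXFR as well. Say which transfer types are covered, and add a short clause on what named does with a transfer that fails the check. The entry currently describes only the old failure (a zone served without an SOA at the apex, then a RUNTIME_CHECK assertion on the next refresh), so operators upgrading for CVE-2021-25214 do not learn what behaviour to expect afterwards.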