CVE-2016-9147

diff --git a/README b/README
index 55348125a76ced1d914bfe7d696ff06948c840c5..8f7eb97c19524593448d7a16b64e73de40b1b0ce 100644 (file)
--- a/README
+++ b/README
@@ -53,7 +53,7 @@ BIND 9
 
 BIND 9.11.0-P2
 
-       This version contains a fix for CVE-2016-9131.
+       This version contains a fix for CVE-2016-9131 and CVE-2016-9147.
 
 BIND 9.11.0-P1
 

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 5e707f754014ff8aa285de77598135050e6435f2..75de655f8784e5d24d879c30dde357fa15a69d4f 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -16,8 +16,8 @@
       This document summarizes changes since BIND 9.11.0:
     </para>
     <para>
-      BIND 9.11.0-P2 addresses the security issue described in
-      CVE-2016-9131.
+      BIND 9.11.0-P2 addresses the security issues described in
+      CVE-2016-9131 and CVE-2016-9147.
     </para>
     <para>
       BIND 9.11.0-P1 addresses the security issue described in
@@ -38,6 +38,14 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+       <para>
+        Named mishandled some responses where covering RRSIG
+        records are returned without the requested data
+        resulting in a assertion failure. This flaw is disclosed in
+        CVE-2016-9147. [RT #43548]
+       </para>
+      </listitem>
       <listitem>
        <para>
          Named incorrectly tried to cache TKEY records which could