Add CHANGES entry for [GL #2467]

author Mark Andrews <marka@isc.org>

Wed, 3 Feb 2021 00:19:43 +0000 (11:19 +1100)

committer Michał Kępień <michal@isc.org>

Thu, 29 Apr 2021 09:12:38 +0000 (11:12 +0200)
author Mark Andrews <marka@isc.org>
Wed, 3 Feb 2021 00:19:43 +0000 (11:19 +1100)
committer Michał Kępień <michal@isc.org>
Thu, 29 Apr 2021 09:12:38 +0000 (11:12 +0200)
diff --git a/CHANGES b/CHANGES

index 03d5073fcc401cf409c99c43010f8f0cc07ff8c2..91b3ce5ba29137fe4b432569e7d488ce49dd5a97 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -37,6 +37,13 @@
                         nonsensical values and both issues have been fixed.
                         [GL #389] [GL #2289]
  
+5615.  [security]      Insufficient IXFR checks could result in named serving a
+                       zone without an SOA record at the apex, leading to a
+                       RUNTIME_CHECK assertion failure when the zone was
+                       subsequently refreshed. This has been fixed by adding an
+                       owner name check for all SOA records which are included
+                       in a zone transfer. (CVE-2021-25214) [GL #2467]
+
  5614.  [bug]           Ensure all resources are properly cleaned up when a call
                         to gss_accept_sec_context() fails. [GL #2620]
author	Mark Andrews <marka@isc.org>
	Wed, 3 Feb 2021 00:19:43 +0000 (11:19 +1100)
committer	Michał Kępień <michal@isc.org>
	Thu, 29 Apr 2021 09:12:38 +0000 (11:12 +0200)