Add CHANGES and release note for [GL #4055]

author Ondřej Surý <ondrej@isc.org>

Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)

committer Michal Nowak <mnowak@isc.org>

Thu, 8 Jun 2023 10:11:09 +0000 (12:11 +0200)
author Ondřej Surý <ondrej@isc.org>
Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)
committer Michal Nowak <mnowak@isc.org>
Thu, 8 Jun 2023 10:11:09 +0000 (12:11 +0200)
diff --git a/CHANGES b/CHANGES

index 98d1e3d11f276307a7c828754d1d3692b0cf51fe..c02537d86d4dc7d7efebca230eed123e290b7277 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,9 @@
  
  6191.  [placeholder]
  
-6190.  [placeholder]
+6190.  [security]      Improve the overmem cleaning process to prevent the
+                       cache going over the configured limit. (CVE-2023-2828)
+                       [GL #4055]
  
  6189.  [bug]           Fix an extra dns_validator deatch when encountering
                         deadling which would lead to assertion failure.
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index a3bce92751e7b45ba12c59a0d5717edd6eeca198..cfb62bd023729b3624a555602f270044d92596f7 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.19.14
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured :any:`max-cache-size` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`
  
  New Features
  ~~~~~~~~~~~~
author	Ondřej Surý <ondrej@isc.org>
	Thu, 1 Jun 2023 13:46:23 +0000 (15:46 +0200)
committer	Michal Nowak <mnowak@isc.org>
	Thu, 8 Jun 2023 10:11:09 +0000 (12:11 +0200)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history