Merge branch 'security-v9_14' into v9_14

author Tinderbox User <tbox@isc.org>

Sat, 19 Oct 2019 23:34:28 +0000 (23:34 +0000)

committer Tinderbox User <tbox@isc.org>

Sat, 19 Oct 2019 23:34:28 +0000 (23:34 +0000)
author Tinderbox User <tbox@isc.org>
Sat, 19 Oct 2019 23:34:28 +0000 (23:34 +0000)
committer Tinderbox User <tbox@isc.org>
Sat, 19 Oct 2019 23:34:28 +0000 (23:34 +0000)
diff --cc CHANGES

index f8573bf25467eab8f815bb141a88d4ac4eeb5f1c,98fd1818388864e870a7719994afffa70588d18a..e30c8b30e8edef3d339e06daf8728df92b8d68f7
--- 1/CHANGES
--- 2/CHANGES
+++ b/CHANGES
@@@ -1,6 -1,13 +1,16 @@@
+ +5301. [bug]           Detect partial prefixes / incomplete IPv4 address in
+ +                      acls. [GL #1143]
+ +
+       --- 9.14.7 released ---
+ 
+ 5299. [security]      A flaw in DNSSEC verification when transferring
+                       mirror zones could allow data to be incorrectly
+                       marked valid. (CVE-2019-6475) [GL #1252]
+ 
+ 5298. [security]      Named could assert if a forwarder returned a
+                       referral, rather than resolving the query, when QNAME
+                       minimization was enabled. (CVE-2019-6476) [GL #1051]
+ 
   5297. [bug]           Check whether a previous QNAME minimization fetch
                         is still running before starting a new one; return
                         SERVFAIL and log an error if so. [GL #1191]
diff --cc lib/dns/resolver.c
Simple merge
diff --cc lib/dns/zoneverify.c
Simple merge
author	Tinderbox User <tbox@isc.org>
	Sat, 19 Oct 2019 23:34:28 +0000 (23:34 +0000)
committer	Tinderbox User <tbox@isc.org>
	Sat, 19 Oct 2019 23:34:28 +0000 (23:34 +0000)
		1	2
CHANGES	patch \|	diff1 \|	diff2 \|	blob \| history
lib/dns/resolver.c	patch \|	diff1 \|	diff2 \|	blob \| history
lib/dns/zoneverify.c	patch \|	diff1 \|	diff2 \|	blob \| history