add CVE, VU and CVSS

diff --git a/CHANGES b/CHANGES
index fa2e5fcf1ea55804ebdfe0d2780f7de35a6892e1..664de9ca07653784c7f295ef0122424011cbec78 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -8,17 +8,25 @@
                        any matching RRSIG records.  A subsequent lookup of
                        of NO DATA cache entry could trigger a INSIST when the
                        unexpected RRSIG was also returned with the NO DATA
-                       cache entry.  [RT #22288]
+                       cache entry.
+
+                       CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
+                       CVE-2010-3613, VU#706148. [RT #22288]
 
 2969.  [security]      Fix acl type processing so that allow-query works
                        in options and view statements.  Also add a new
                        set of tests to verify proper functioning.
-                       [RT #22418]
+
+                       CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N/E:F/RL:O/RC:C)
+                       CVE-2010-3615, VU#510208. [RT #22418]
 
 2968.  [security]      Named could fail to prove a data set was insecure
                        before marking it as insecure.  One set of conditions
                        that can trigger this occurs naturally when rolling
-                       DNSKEY algorithms.  [RT #22309]
+                       DNSKEY algorithms.
+
+                       CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N/E:P/RL:O/RC:C)
+                       CVE-2010-3614, VU#837744. [RT #22309]
 
 2967.  [bug]           'host -D' now turns on debugging messages earlier.
                        [RT #22361]