<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- None.
+ Addresses could be referenced after being freed during resolver
+ processing, causing an assertion failure. The chances of this
+ happening were remote, but the introduction of a delay in
+ resolution increased them. This bug is disclosed in
+ CVE-2017-3145. [RT #46839]
</p>
</li></ul></div>
</div>
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- None.
+ Attempting to validate improperly unsigned CNAME responses
+ from secure zones could cause a validator loop. This caused
+ a delay in returning SERVFAIL and also increased the chances
+ of encountering the crash bug described in CVE-2017-3145.
+ [RT #46839]
</p>
</li></ul></div>
</div>
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- None.
+ Addresses could be referenced after being freed during resolver
+ processing, causing an assertion failure. The chances of this
+ happening were remote, but the introduction of a delay in
+ resolution increased them. This bug is disclosed in
+ CVE-2017-3145. [RT #46839]
</p>
</li></ul></div>
</div>
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- None.
+ Attempting to validate improperly unsigned CNAME responses
+ from secure zones could cause a validator loop. This caused
+ a delay in returning SERVFAIL and also increased the chances
+ of encountering the crash bug described in CVE-2017-3145.
+ [RT #46839]
</p>
</li></ul></div>
</div>