Add CHANGES and release notes for GL #2028

diff --git a/CHANGES b/CHANGES
index 80a180c9e434b959cf6711102c394401f4cb485e..b4cc904652cc175dcfcb2450d41c40c1437e0ad8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -22,6 +22,10 @@
                        derived from the client query processing timeout
                        configured for a resolver. [GL #2024]
 
+5476.  [security]      It was possible to trigger an assertion failure when
+                       verifying the response to a TSIG-signed request.
+                       (CVE-2020-8622) [GL #2028]
+
 5475.  [bug]           Fix RPZ wildcard passthru ignored when a rejection
                        would overwrite a passthru action matching some
                        rule in a previously loaded passthru rpz zone.

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 8869aff882cde70cd8a905a2198992b9b4987880..184a3b79fac4d96e1a4278e3fa2bdb500b2fa2e0 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -29,6 +29,13 @@ Security Fixes
   ISC would like to thank Joseph Gullo for bringing this vulnerability
   to our attention. [GL #1997]
 
+- It was possible to trigger an assertion failure when verifying the
+  response to a TSIG-signed request. This was disclosed in
+  CVE-2020-8622.
+
+  ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham
+  of Oracle for bringing this vulnerability to our attention. [GL #2028]
+
 Known Issues
 ~~~~~~~~~~~~