CVE-2016-9147

diff --git a/README b/README
index 85a22b9146af59a88c31d84ce5a1e34ad4ade2db..6739ffec32dec96fcb4e10007a45c2b0b7002aa1 100644 (file)
--- a/README
+++ b/README
@@ -53,7 +53,7 @@ BIND 9
 
 BIND 9.10.4-P5
 
-       This version contains a fix for CVE-2016-9131.
+       This version contains a fix for CVE-2016-9131 and CVE-2016-9147.
 
 BIND 9.10.4-P4
 

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 8da86756b5183febcee58f103e85c917be565d49..cb8266c46b2184b4f6ea5db5441c40d8444a9229 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -24,8 +24,8 @@
       This document summarizes changes since BIND 9.10.4:
     </para>
     <para>
-      BIND 9.10.4-P5 addresses the security issue described in
-      CVE-2016-9131.
+      BIND 9.10.4-P5 addresses the security issues described in
+      CVE-2016-9131 and CVE-2016-9147.
     </para>
     <para>
       BIND 9.10.4-P4 addresses the security issue described in
@@ -61,6 +61,14 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+       <para>
+         Named mishandled some responses where covering RRSIG
+         records are returned without the requested data
+         resulting in a assertion failure. This flaw is disclosed in
+         CVE-2016-9147. [RT #43548]
+       </para>
+      </listitem>
       <listitem>
        <para>
          Named incorrectly tried to cache TKEY records which could