Add CHANGES and release notes for [GL #2839]

author Evan Hunt <each@isc.org>

Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)

committer Michał Kępień <michal@isc.org>

Tue, 10 Aug 2021 10:46:54 +0000 (12:46 +0200)
author Evan Hunt <each@isc.org>
Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)
committer Michał Kępień <michal@isc.org>
Tue, 10 Aug 2021 10:46:54 +0000 (12:46 +0200)
diff --git a/CHANGES b/CHANGES

index 6e77ae3e0e275a90dd13e9e1e7199ab74e8dda8c..1ed88661851ef881b297157c309ffe5c8194ec99 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5689.  [security]      An assertion failure occurred when rate-limiting
+                       was applied to a UDP packet exceeding the link MTU
+                       size. (CVE-2021-25218) [GL #2839]
+
  5688.  [bug]           Inline and dnssec-policy zones could fail to apply
                         changes from the unsigned zone to the signed zone
                         under certain cirumstances. [GL #2735]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 7544bffda6fcff48f9b8ee230089c608e53bcaf6..3763accfa89048530d9145d2aaea07fa378a177a 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,6 +20,10 @@ Security Fixes
    the opcode of those responses and rejecting the messages if they don't
    match the expected value. :gl:`#2762`
  
+- Fix an assertion failure that occured in ``named`` when attempting to send
+  a UDP packet exceeding the MTU size if rate-limiting was enabled.
+  (CVE-2021-25218) :gl:`#2839`
+
  Known Issues
  ~~~~~~~~~~~~
author	Evan Hunt <each@isc.org>
	Wed, 28 Jul 2021 01:02:03 +0000 (18:02 -0700)
committer	Michał Kępień <michal@isc.org>
	Tue, 10 Aug 2021 10:46:54 +0000 (12:46 +0200)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history