Mention CVE-2023-50868 in CHANGES entry 6322

Since CVE-2023-50868 does not have a dedicated fix in BIND 9, mention
its CVE identifier in the CHANGES entry for CVE-2023-50387 (KeyTrap),
which accompanied the code change that addresses both of these
vulnerabilities.

(cherry picked from commit 2fd20bbaf5832963bf7e92b58f986d33590d1405)

diff --git a/CHANGES b/CHANGES
index 773765388f16fca55ec6eba847147cca6846d416..fc0d09ec97b2a2d9dcf10231d6839b6387ebfc46 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,10 @@
                        condition due to DNS validation taking a long time.
                        (CVE-2023-50387) [GL #4424]
 
+                       The same code change also addresses another problem:
+                       preparing NSEC3 closest encloser proofs could exhaust
+                       available CPU resources. (CVE-2023-50868) [GL #4459]
+
 6321.  [security]      Change 6315 inadvertently introduced regressions that
                        could cause named to crash. [GL #4234]