add CHANGES and release notes entries

author Mark Andrews <marka@isc.org>

Wed, 6 Feb 2019 19:36:20 +0000 (11:36 -0800)

committer Evan Hunt <each@isc.org>

Thu, 21 Feb 2019 01:45:50 +0000 (17:45 -0800)
author Mark Andrews <marka@isc.org>
Wed, 6 Feb 2019 19:36:20 +0000 (11:36 -0800)
committer Evan Hunt <each@isc.org>
Thu, 21 Feb 2019 01:45:50 +0000 (17:45 -0800)
diff --git a/CHANGES b/CHANGES

index 2f43c993ccf2ec1b10127a37bb66b7e40f22e3a7..ff550880801e98f5fa585a2c0ad3def0bb33cd6e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -85,7 +85,9 @@
                         and "nsdname-enable" both now default to yes,
                         regardless of compile-time settings. [GL #824]
  
-5141.  [placeholder]
+5141.  [security]      Zone transfer controls for writable DLZ zones were
+                       not effective as the allowzonexfr method was not being
+                       called for such zones. (CVE-2019-6465) [GL #790]
  
  5140.  [bug]           Don't immediately mark existing keys as inactive and
                         deleted when running dnssec-keymgr for the first
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml

index 79256ea5c198cf6866ee18fb3a52ae62f034d0e4..849ba261b08c6b5e0184960c4d758b6002df99a7 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -157,6 +157,14 @@
           [GL #772]
         </para>
        </listitem>
+      <listitem>
+       <para>
+         Zone transfer controls for writable DLZ zones were not
+         effective as the <command>allowzonexfr</command> method was
+         not being called for such zones. This flaw is disclosed in
+         CVE-2019-6465. [GL #790]
+       </para>
+      </listitem>
      </itemizedlist>
    </section>
author	Mark Andrews <marka@isc.org>
	Wed, 6 Feb 2019 19:36:20 +0000 (11:36 -0800)
committer	Evan Hunt <each@isc.org>
	Thu, 21 Feb 2019 01:45:50 +0000 (17:45 -0800)
CHANGES		patch \| blob \| blame \| history
doc/arm/notes.xml		patch \| blob \| blame \| history