CHANGES, release note

diff --git a/CHANGES b/CHANGES
index 4b93b761a0ce96c0b2e7f3630b9f691dc4293a14..d09f3a9478616eb22b9294667df2bf27e19e76a1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -28,7 +28,10 @@
 5245.  [cleanup]       Reduce logging level for IXFR up-to-date poll
                        responses. [GL #1009]
 
-5244.  [placeholder]
+5244.  [security]      Fixed a race condition in dns_dispatch_getnext()
+                       that could cause an assertion failure if a
+                       significant number of incoming packets were
+                       rejected. (CVE-2019-6471) [GL #942]
 
 5243.  [bug]           Fix a possible race between dispatcher and socket
                        code in a high-load cold-cache resolver scenario.

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 8d09e129868ff241cf969092b681392eec487037..6d897437ba8ab1ea220e1dbd2c4152b8195c7ccc 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -97,7 +97,15 @@
        <para>
          The TCP client quota set using the <command>tcp-clients</command>
          option could be exceeded in some cases. This could lead to
-         exhaustion of file descriptors. (CVE-2018-5743) [GL #615]
+         exhaustion of file descriptors. This flaw is disclosed in
+         CVE-2018-5743. [GL #615]
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+         A race condition could trigger an assertion failure when
+         a large number of incoming packets were being rejected.
+         This flaw is disclosed in CVE-2019-6471. [GL #942]
        </para>
       </listitem>
     </itemizedlist>