Add CHANGES and release note for GL #1996

author Ondřej Surý <ondrej@isc.org>

Fri, 31 Jul 2020 07:39:46 +0000 (09:39 +0200)

committer Michał Kępień <michal@isc.org>

Wed, 5 Aug 2020 10:57:23 +0000 (12:57 +0200)
author Ondřej Surý <ondrej@isc.org>
Fri, 31 Jul 2020 07:39:46 +0000 (09:39 +0200)
committer Michał Kępień <michal@isc.org>
Wed, 5 Aug 2020 10:57:23 +0000 (12:57 +0200)
diff --git a/CHANGES b/CHANGES

index b01a399729a8fbfdab68843b74abfd87985e554d..855a42e48b26d41ff07175c0ebeb5ac5ca89d2c6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -18,7 +18,9 @@
  
  5479.  [placeholder]
  
-5478.  [placeholder]
+5478.  [security]      It was possible to trigger an assertion failure by
+                       sending a specially crafted large TCP DNS message.
+                       (CVE-2020-8620) [GL #1996]
  
  5477.  [bug]           The idle timeout for connected TCP sockets is now
                         derived from the client query processing timeout
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 3ee01476ab55bca5d137cb703aa7719e884e9301..0b210895086db8bd2d26ce540b5ff81b119ee2c8 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -14,7 +14,11 @@ Notes for BIND 9.17.4
  Security Fixes
  ~~~~~~~~~~~~~~
  
-- None.
+- It was possible to trigger an assertion failure by sending a specially
+  crafted large TCP DNS message. This was disclosed in CVE-2020-8620.
+
+  ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for
+  bringing this vulnerability to our attention. [GL #1996]
  
  Known Issues
  ~~~~~~~~~~~~
author	Ondřej Surý <ondrej@isc.org>
	Fri, 31 Jul 2020 07:39:46 +0000 (09:39 +0200)
committer	Michał Kępień <michal@isc.org>
	Wed, 5 Aug 2020 10:57:23 +0000 (12:57 +0200)
CHANGES		patch \| blob \| blame \| history
doc/notes/notes-current.rst		patch \| blob \| blame \| history