From: Mark Andrews <marka@isc.org>
Date: Wed, 15 Jul 2020 23:15:20 +0000 (+1000)
Subject: Add CHANGES and release notes for GL #2028
X-Git-Tag: v9.11.22~4^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=0db7d0a49d4179490a290124de40077658b8a35d;p=thirdparty%2Fbind9.git

Add CHANGES and release notes for GL #2028
---

diff --git a/CHANGES b/CHANGES
index 50390bb0c0e..7e243aafc9a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5476.	[security]	It was possible to trigger an assertion failure when
+			verifying the response to a TSIG-signed request.
+			(CVE-2020-8622) [GL #2028]
+
 5474.	[bug]		dns_rdata_hip_next() failed to return ISC_R_NOMORE
 			when it should have. [GL !3880]
 
diff --git a/doc/arm/notes-9.11.22.xml b/doc/arm/notes-9.11.22.xml
index b867722d068..c11113318fc 100644
--- a/doc/arm/notes-9.11.22.xml
+++ b/doc/arm/notes-9.11.22.xml
@@ -15,7 +15,13 @@
     <itemizedlist>
       <listitem>
         <para>
-          None.
+          It was possible to trigger an assertion failure when verifying the
+          response to a TSIG-signed request. This was disclosed in
+          CVE-2020-8622.
+        </para>
+        <para>
+          ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham
+          of Oracle for bringing this vulnerability to our attention. [GL #2028]
         </para>
       </listitem>
     </itemizedlist>