From: Mark Andrews <marka@isc.org>
Date: Wed, 6 Feb 2019 19:36:20 +0000 (-0800)
Subject: add CHANGES and release notes entries
X-Git-Tag: v9.15.0~139^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=821f917db80ee005a2a9bdfc087ab446d922104b;p=thirdparty%2Fbind9.git

add CHANGES and release notes entries
---

diff --git a/CHANGES b/CHANGES
index 0839f621222..ecd526da0a8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -87,7 +87,9 @@
 			and "nsdname-enable" both now default to yes,
 			regardless of compile-time settings. [GL #824]
 
-5141.	[placeholder]
+5141.	[security]	Zone transfer controls for writable DLZ zones were
+			not effective as the allowzonexfr method was not being
+			called for such zones. (CVE-2019-6465) [GL #790]
 
 5140.	[bug]		Don't immediately mark existing keys as inactive and
 			deleted when running dnssec-keymgr for the first
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 79256ea5c19..849ba261b08 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -157,6 +157,14 @@
 	  [GL #772]
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  Zone transfer controls for writable DLZ zones were not
+	  effective as the <command>allowzonexfr</command> method was
+	  not being called for such zones. This flaw is disclosed in
+	  CVE-2019-6465. [GL #790]
+	</para>
+      </listitem>
     </itemizedlist>
   </section>