From: Mark Andrews <marka@isc.org>
Date: Tue, 22 Nov 2016 01:46:27 +0000 (+1100)
Subject: update for CVE-2016-9444
X-Git-Tag: v9.11.0-P2~8
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=9094c8be5bee5ad3d7078b34fb3a895bfbe03d8c;p=thirdparty%2Fbind9.git

update for CVE-2016-9444
---

diff --git a/README b/README
index 8f7eb97c195..68a671fea97 100644
--- a/README
+++ b/README
@@ -53,7 +53,8 @@ BIND 9
 
 BIND 9.11.0-P2
 
-	This version contains a fix for CVE-2016-9131 and CVE-2016-9147.
+	This version contains a fix for CVE-2016-9131, CVE-2016-9147
+	and CVE-2016-9444.
 
 BIND 9.11.0-P1
 
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 75de655f878..40e7a747b11 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -17,7 +17,7 @@
     </para>
     <para>
       BIND 9.11.0-P2 addresses the security issues described in
-      CVE-2016-9131 and CVE-2016-9147.
+      CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
     </para>
     <para>
       BIND 9.11.0-P1 addresses the security issue described in
@@ -40,10 +40,17 @@
     <itemizedlist>
       <listitem>
 	<para>
-	 Named mishandled some responses where covering RRSIG
-	 records are returned without the requested data
-	 resulting in a assertion failure. This flaw is disclosed in
-	 CVE-2016-9147. [RT #43548]
+	  Named could mishandle authority sections that were missing
+	  RRSIGs triggering an assertion failure.  This flaw is
+	  disclosed in CVE-2016-9444. [RT # 43632]
+	</para>
+      </listitem>
+      <listitem>
+	<para>
+	  Named mishandled some responses where covering RRSIG
+	  records are returned without the requested data
+	  resulting in a assertion failure. This flaw is disclosed in
+	  CVE-2016-9147. [RT #43548]
 	</para>
       </listitem>
       <listitem>