From 891db84e9042e663394d5f520dc27edfeaee3bc2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 12 Apr 2021 15:00:03 +0200 Subject: [PATCH] Add release note for [GL #2604] --- doc/arm/notes-9.11.30.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/doc/arm/notes-9.11.30.xml b/doc/arm/notes-9.11.30.xml index d3b11606abb..39c483791ae 100644 --- a/doc/arm/notes-9.11.30.xml +++ b/doc/arm/notes-9.11.30.xml @@ -37,6 +37,23 @@ bringing this vulnerability to our attention. [GL #2540] + + + When a server's configuration set the + tkey-gssapi-keytab or + tkey-gssapi-credential option, a specially crafted + GSS-TSIG query could cause a buffer overflow in the ISC implementation + of SPNEGO (a protocol enabling negotiation of the security mechanism + used for GSSAPI authentication). This flaw could be exploited to crash + named binaries compiled for 64-bit platforms, and + could enable remote code execution when named was + compiled for 32-bit platforms. (CVE-2021-25216) + + + This vulnerability was reported to us as ZDI-CAN-13347 by Trend Micro + Zero Day Initiative. [GL #2604] + + -- 2.47.3
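Review bot: The paragraph added to doc/arm/notes-9.11.30.xml gives the trigger condition (tkey-gssapi-keytab or tkey-gssapi-credential set) and the impact, but leaves the operator without an action. It does not say whether servers that set neither option are unaffected, or whether removing the options is an acceptable workaround until the upgrade. One sentence covering that would make the note usable for triage. The two impact clauses are also phrased differently ("named binaries compiled for 64-bit platforms" versus "when named was compiled for 32-bit platforms"), and parallel wording would read more cleanly. Finally, the commit subject cites only [GL #2604]. Adding CVE-2021-25216 there would make the change findable from the log.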