From ebee5bdfe5a0851930754dc024d134a4df31fe6c Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 5 Jul 2018 20:48:26 -0700
Subject: [PATCH] CHANGES, release note

(cherry picked from commit 9c492aba65c178f30baafeb5502013f95a9d5b9a)
(cherry picked from commit ecb90158b6e457496922666f56c3f8f7cb3143d4)
---
 CHANGES           | 4 ++++
 doc/arm/notes.xml | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/CHANGES b/CHANGES
index e3b89a543d8..2a6ed0a1dc4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -27,6 +27,10 @@
 4990.	[bug]		Prevent a possible NULL reference in pkcs11-keygen.
 			[GL #401]
 
+4997.	[security]	named could crash during recursive processing
+			of DNAME records when "deny-answer-aliases" was
+			in use. (CVE-2018-5740) [GL #387]
+
 	--- 9.11.4 released ---
 
 	--- 9.11.4rc2 released ---
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 220a20e696d..7b7475b58f0 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -76,6 +76,13 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>named</command> could crash during recursive processing
+	  of DNAME records when <command>deny-answer-aliases</command> was
+	  in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  When recursion is enabled but the <command>allow-recursion</command>
-- 
2.47.3