From: Michał Kępień <michal@isc.org>
Date: Wed, 14 Feb 2024 13:49:49 +0000 (+0100)
Subject: Retroactively add release note for CVE-2023-50868
X-Git-Tag: v9.19.22~35^2~1
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=01ac86f90ba6fb834e2ee94ad90881522ff9e641;p=thirdparty%2Fbind9.git

Retroactively add release note for CVE-2023-50868

A release note for CVE-2023-50868 was not included in BIND 9.19.21, even
though that vulnerability was already addressed in that release (by the
fix for CVE-2023-50387).  Retroactively add a relevant release note for
BIND 9.19.21.
---

diff --git a/doc/notes/notes-9.19.21.rst b/doc/notes/notes-9.19.21.rst
index 16f1b7bc3bb..f0593145988 100644
--- a/doc/notes/notes-9.19.21.rst
+++ b/doc/notes/notes-9.19.21.rst
@@ -24,6 +24,10 @@ Security Fixes
   Applied Cybersecurity ATHENE for bringing this vulnerability to our
   attention. :gl:`#4424`
 
+- Preparing an NSEC3 closest encloser proof could cause excessive CPU
+  load, leading to a denial-of-service condition. This has been fixed.
+  :cve:`2023-50868` :gl:`#4459`
+
 - Parsing DNS messages with many different names could cause excessive
   CPU load. This has been fixed. :cve:`2023-4408`