upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-24 18:30:38 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Retroactively add release note for CVE-2023-50868

Browse source 
A release note for CVE-2023-50868 was not included in BIND 9.19.21, even
though that vulnerability was already addressed in that release (by the
fix for CVE-2023-50387).  Retroactively add a relevant release note for
BIND 9.19.21.
This commit is contained in:
Michał Kępień 2024-02-14 14:49:49 +01:00
parent 2fd20bbaf5
commit 01ac86f90b
No known key found for this signature in database
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/notes/notes-9.19.21.rst
View file

@ -24,6 +24,10 @@ Security Fixes
Applied Cybersecurity ATHENE for bringing this vulnerability to our
attention. :gl:`#4424`
- Preparing an NSEC3 closest encloser proof could cause excessive CPU
load, leading to a denial-of-service condition. This has been fixed.
:cve:`2023-50868` :gl:`#4459`
- Parsing DNS messages with many different names could cause excessive
CPU load. This has been fixed. :cve:`2023-4408`