diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 7fd75a46f8..33aabbbafe 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -153,6 +153,15 @@
 	  [RT #45181]
 	</p>
       </li>
+<li class="listitem">
+	<p>
+	  Addresses could be referenced after being freed during resolver
+	  processing, causing an assertion failure. The chances of this
+	  happening were remote, but the introduction of a delay in
+	  resolution increased them. This bug is disclosed in
+	  CVE-2017-3145. [RT #46839]
+	</p>
+      </li>
 </ul></div>
   </div>
 
@@ -257,6 +266,15 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
     <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  Attempting to validate improperly unsigned CNAME responses
+	  from secure zones could cause a validator loop. This caused
+	  a delay in returning SERVFAIL and also increased the chances
+	  of encountering the crash bug described in CVE-2017-3145.
+	  [RT #46839]
+	</p>
+      </li>
 <li class="listitem">
 	<p>
 	  When <span class="command"><strong>named</strong></span> was reconfigured, failure of some
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index fd5aa7bfa2..0811b40906 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -113,6 +113,15 @@
 	  [RT #45181]
 	</p>
       </li>
+<li class="listitem">
+	<p>
+	  Addresses could be referenced after being freed during resolver
+	  processing, causing an assertion failure. The chances of this
+	  happening were remote, but the introduction of a delay in
+	  resolution increased them. This bug is disclosed in
+	  CVE-2017-3145. [RT #46839]
+	</p>
+      </li>
 </ul></div>
   </div>
 
@@ -217,6 +226,15 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
     <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  Attempting to validate improperly unsigned CNAME responses
+	  from secure zones could cause a validator loop. This caused
+	  a delay in returning SERVFAIL and also increased the chances
+	  of encountering the crash bug described in CVE-2017-3145.
+	  [RT #46839]
+	</p>
+      </li>
 <li class="listitem">
 	<p>
 	  When <span class="command"><strong>named</strong></span> was reconfigured, failure of some
