From 645dd3fdf1522d66fabe403e0ca6ec2ebbea2e96 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 28 Oct 2022 11:31:19 +1100 Subject: [PATCH] Add release note for [GL #3622] (cherry picked from commit 42c42be9a997a30dcf83c8a77a2f57811757a72d) --- doc/notes/notes-current.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 305cea5933..a5b1df2982 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -24,6 +24,14 @@ Security Fixes ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention. :gl:`#3523` +- :iscman:`named` could crash with an assertion failure when an RRSIG + query was received and :any:`stale-answer-client-timeout` was set to a + non-zero value. This has been fixed. (CVE-2022-3736) + + ISC would like to thank Borja Marcos from Sarenet (with assistance by + Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to + our attention. :gl:`#3622` + New Features ~~~~~~~~~~~~