upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 03:11:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add CHANGES and release note for GL #1996

Browse source
This commit is contained in:
Ondřej Surý 2020-07-31 09:39:46 +02:00 committed by Michał Kępień
parent 9a372f2bce
commit 9d69ee740f
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -10,6 +10,10 @@
system, but the Duplicate Address Detection (DAD)
mechanism had not yet finished. [GL #2038]
5478. [security] It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message.
(CVE-2020-8620) [GL #1996]
5477. [bug] The idle timeout for connected TCP sockets is now
derived from the client query processing timeout
configured for a resolver. [GL #2024]

6
doc/notes/notes-current.rst
View file

@ -14,7 +14,11 @@ Notes for BIND 9.16.6
Security Fixes
~~~~~~~~~~~~~~
- None.
- It was possible to trigger an assertion failure by sending a specially
crafted large TCP DNS message. This was disclosed in CVE-2020-8620.
ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for
bringing this vulnerability to our attention. [GL #1996]
Known Issues
~~~~~~~~~~~~