diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 7988805e62..d97915783d 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -87,6 +87,13 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+         getrrsetbyname with a non absolute name could trigger a
+         infinite recursion bug in lwresd and named with lwres
+         configured if when combined with a search list entry the
+         resulting name is too long.  This flaw is disclosed in
+         CVE-2016-XXXX.
+	</p></li>
 <li class="listitem"><p>
 	  Duplicate EDNS COOKIE options in a response could trigger
 	  an assertion failure. This flaw is disclosed in CVE-2016-2088.
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index c62cb75224..e6030ebe47 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -48,6 +48,13 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+         getrrsetbyname with a non absolute name could trigger a
+         infinite recursion bug in lwresd and named with lwres
+         configured if when combined with a search list entry the
+         resulting name is too long.  This flaw is disclosed in
+         CVE-2016-XXXX.
+	</p></li>
 <li class="listitem"><p>
 	  Duplicate EDNS COOKIE options in a response could trigger
 	  an assertion failure. This flaw is disclosed in CVE-2016-2088.