[v9_10] add notes

doc/arm/notes.xml

@@ -39,7 +39,42 @@
     <title>Security Fixes</title>
     <itemizedlist>
       <listitem>
-	<para>None</para>
+	<para>
+	  A flaw in delegation handling could be exploited to put
+	  <command>named</command> into an infinite loop, in which
+	  each lookup of a name server triggered additional lookups
+	  of more name servers.  This has been addressed by placing
+	  limits on the number of levels of recursion
+	  <command>named</command> will allow (default 7), and
+	  on the number of queries that it will send before
+	  terminating a recursive query (default 50).
+	</para>
+	<para>
+	  The recursion depth limit is configured via the
+	  <option>max-recursion-depth</option> option, and the query limit
+	  via the <option>max-recursion-queries</option> option.
+	</para>
+	<para>
+	  The flaw was discovered by Florian Maury of ANSSI, and is
+	  disclosed in CVE-2014-8500. [RT #37580]
+	</para>
+      </listitem>
+      <listitem>
+	<para>
+	  Two separate problems were identified in BIND's GeoIP code that
+	  could lead to an assertion failure. One was triggered by use of
+	  both IPv4 and IPv6 address families, the other by referencing
+	  a GeoIP database in <filename>named.conf</filename> which was
+	  not installed. Both are covered by CVE-2014-8680. [RT #37672]
+	  [RT #37679]
+	</para>
+	<para>
+	  A less serious security flaw was also found in GeoIP: changes
+	  to the <command>geoip-directory</command> option in
+	  <filename>named.conf</filename> were ignored when running
+	  <command>rndc reconfig</command>. In theory, this could allow
+	  <command>named</command> to allow access to unintended clients.
+	</para>
       </listitem>
     </itemizedlist>
   </sect2>