From 1002f920f6385196a1cc480bdbf9838418754ca7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Fri, 19 Jan 2024 21:11:32 +0100
Subject: [PATCH] Add CHANGES and release note for [GL #4481]

---
 CHANGES                     | 5 +++++
 doc/notes/notes-current.rst | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 7f5b381442..3165203b82 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+6399.	[security]	Malicious DNS client that sends many queries over
+			TCP but never reads responses can cause server to
+			respond slowly or not respond at all for other
+			clients. (CVE-2024-0760) [GL #4481]
+
 6398.	[bug]		Fix potential data races in our DoH implementation
 			related to HTTP/2 session object management and
 			endpoints set object management after reconfiguration.
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 4a3db14ed4..1cda5eeab3 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,9 @@ Notes for BIND 9.19.25
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- Malicious DNS client that sends many queries over TCP but never reads
+  responses can cause server to respond slowly or not respond at all for other
+  clients. :cve:`2024-0760` :gl:`#4481`
 
 New Features
 ~~~~~~~~~~~~