From 86df0993d74018d0165fd8d7c13fbbf7149453c2 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Mon, 7 Aug 2023 18:16:29 +0300 Subject: [PATCH] Add CHANGES and release note for [GL #4242] --- CHANGES | 3 +++ doc/notes/notes-current.rst | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/CHANGES b/CHANGES index 48510a6319..2bf3b2ae7b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6246. [security] Fix use-after-free error in TLS DNS code when sending + data. (CVE-2023-4236) [GL #4242] + 6245. [security] Limit the amount of recursion that can be performed by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index b01add6f21..9eb9a1c9ce 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -23,6 +23,15 @@ Security Fixes ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention. :gl:`#4152` +- Previously, it was possible to remotely trigger a use-after-free error + in the DNS-over-TLS transport code, specifically in the code + responsible for sending data to the remote peer. This has been fixed. + (CVE-2023-4236) + + ISC would like to thank Robert Story from USC/ISI Root Server + Operations for bringing this vulnerability to our attention. + :gl:`#4242` + New Features ~~~~~~~~~~~~
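Review bot: In the CHANGES hunk, entry 6246 says "TLS DNS code" while the release note added by this same commit says "DNS-over-TLS transport code"; using one term in both places would make the entry easier to match to the release note when searching for CVE-2023-4236. The entry also leaves out that the error can be triggered remotely, which the release note does state. For a [security] entry that is worth a word, for example "Fix remotely triggerable use-after-free error in the DNS-over-TLS code when sending data."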
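Review bot: In the doc/notes/notes-current.rst hunk, the new bullet says the use-after-free could be triggered remotely in the code that sends data to the peer, but it does not say which configurations are exposed or what an operator would observe, so a reader cannot tell from the note alone whether their deployment is affected. Suggest adding one sentence that states the precondition (for instance, whether a DNS-over-TLS listener has to be configured) and the resulting effect on the server. The credit paragraph and the :gl:`#4242` reference follow the pattern of the preceding #4152 entry and need no change.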