From 8f2b2012a4b25da3b5ef7b23a63aa20abb5ae55b Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 28 Dec 2016 19:41:26 -0800 Subject: [PATCH] [master] release notes --- doc/arm/notes.xml | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index d8dee100ad..10e7233f50 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -67,9 +67,41 @@ - Named incorrectly tried to cache TKEY records which could - trigger a assertion failure when there was a class mismatch. - This flaw is disclosed in CVE-2016-9131. [RT #43522] + A coding error in the + feature could lead to an assertion failure if the redirection + namespace was served from a local authoritative data source + such as a local zone or a DLZ instead of via recursive + lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837] + + + + + named could mishandle authority sections + with missing RRSIGs, triggering an assertion failure. This + flaw is disclosed in CVE-2016-9444. [RT #43632] + + + + + named mishandled some responses where + covering RRSIG records were returned without the requested + data, resulting in an assertion failure. This flaw is + disclosed in CVE-2016-9147. [RT #43548] + + + + + named incorrectly tried to cache TKEY + records which could trigger an assertion failure when there was + a class mismatch. This flaw is disclosed in CVE-2016-9131. + [RT #43522] + + + + + It was possible to trigger assertions when processing + responses containing answers of type DNAME. This flaw is + disclosed in CVE-2016-8864. [RT #43465]