From bfafcf89b8d1c3ea4fc02bf57daea13947051386 Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman <muks@isc.org>
Date: Mon, 21 May 2018 22:52:15 +0530
Subject: [PATCH] Fix CHANGES entry

---
 CHANGES | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 61ca53953f..9ff2799e9f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -49,11 +49,12 @@
 4935.	[func]		Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
 			call were added). [GL #191]
 
-4934.	[security]	Simultaneous use of stale cache records and NSEC
+4934.	[security]	The serve-stale feature could cause an assertion failure
+			in rbtdb.c even when stale-answer-enable was false.
+			Simultaneous use of stale cache records and NSEC
 			aggressive negative caching could trigger a recursion
 			loop. (CVE-2018-5737) [GL #185]
 
-
 4933.	[bug]		Not creating signing keys for an inline signed zone
 			prevented changes applied to the raw zone from being
 			reflected in the secure zone until signing keys were