add CVE-2017-3136 note

doc/arm/notes.xml

@@ -64,6 +64,13 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>dns64</command> with <command>break-dnssec yes;</command>
+	  can result in an assertion failure. This flaw is disclosed in
+	  CVE-2017-3136.[RT #44653]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  If a server is configured with a response policy zone (RPZ)