diff --git a/CHANGES b/CHANGES
index 4b93b761a0..d09f3a9478 100644
--- a/CHANGES
+++ b/CHANGES
@@ -28,7 +28,10 @@
 5245.	[cleanup]	Reduce logging level for IXFR up-to-date poll
 			responses. [GL #1009]
 
-5244.	[placeholder]
+5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
+			that could cause an assertion failure if a
+			significant number of incoming packets were
+			rejected. (CVE-2019-6471) [GL #942]
 
 5243.	[bug]		Fix a possible race between dispatcher and socket
 			code in a high-load cold-cache resolver scenario.
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 8d09e12986..6d897437ba 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -97,7 +97,15 @@
 	<para>
 	  The TCP client quota set using the <command>tcp-clients</command>
 	  option could be exceeded in some cases. This could lead to
-	  exhaustion of file descriptors. (CVE-2018-5743) [GL #615]
+	  exhaustion of file descriptors. This flaw is disclosed in
+	  CVE-2018-5743. [GL #615]
+	</para>
+      </listitem>
+      <listitem>
+	<para>
+	  A race condition could trigger an assertion failure when
+	  a large number of incoming packets were being rejected.
+	  This flaw is disclosed in CVE-2019-6471. [GL #942]
 	</para>
       </listitem>
     </itemizedlist>