named could crash with an assertion failure if a forwarder returned a referral, rather than resolving the query, when QNAME minimization was enabled. This flaw is disclosed in CVE-2019-6476. [GL #1051] A flaw in DNSSEC verification when transferring mirror zones could allow data to be incorrectly marked valid. This flaw is disclosed in CVE-2019-6475. [GL #1252]