From 09fcd8f88a988a94bc8ea0759b27f1a1b652d481 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Thu, 1 Jun 2023 15:46:23 +0200
Subject: [PATCH] Add CHANGES and release note for [GL #4055]

---
 CHANGES                     | 4 ++++
 doc/notes/notes-current.rst | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 3955f7f618..b34478bf5c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6190.	[security]	Improve the overmem cleaning process to prevent the
+			cache going over the configured limit. (CVE-2023-2828)
+			[GL #4055]
+
 6188.	[performance]	Reduce memory consumption by allocating properly
 			sized send buffers for stream-based transports.
 			[GL #4038]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 5ae9d306f8..78c3c048e2 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.18.16
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured :any:`max-cache-size` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`
 
 New Features
 ~~~~~~~~~~~~