Add CHANGES and release note for [GL #4055]

2025-08-30 14:07:59 +00:00 · 2023-06-01 15:46:23 +02:00
parent e9d5219fca
commit 09fcd8f88a
2 changed files with 12 additions and 1 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+6190.	[security]	Improve the overmem cleaning process to prevent the
+			cache going over the configured limit. (CVE-2023-2828)
+			[GL #4055]
+
 6188.	[performance]	Reduce memory consumption by allocating properly
 			sized send buffers for stream-based transports.
 			[GL #4038]
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.18.16
 Security Fixes
 ~~~~~~~~~~~~~~

- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured :any:`max-cache-size` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`

 New Features
 ~~~~~~~~~~~~