From 31d0b7e909a4b2a7f6a0e08fe25b76e05a184ed3 Mon Sep 17 00:00:00 2001
From: Tinderbox User <tbox@isc.org>
Date: Sat, 3 Feb 2018 01:11:31 +0000
Subject: [PATCH] regen master

---
 doc/arm/Bv9ARM.ch08.html | 15 +++++++++++++--
 doc/arm/notes.html       | 15 +++++++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index a3793be377..f18fcc5728 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -131,7 +131,17 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  When answering authoritative queries, <span class="command"><strong>named</strong></span>
+	  does not return the target of a cross-zone CNAME between two
+	  locally served zones; this prevents accidental cache poisoning.
+	  This same restriction was incorrectly applied to recursive
+	  queries as well; this has been fixed. [RT #47078]
+	</p>
+      </li>
+<li class="listitem">
 	<p>
 	  Attempting to validate improperly unsigned CNAME responses
 	  from secure zones could cause a validator loop. This caused
@@ -139,7 +149,8 @@
 	  of encountering the crash bug described in CVE-2017-3145.
 	  [RT #46839]
 	</p>
-      </li></ul></div>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index 3dfe655e9b..4a1c80f3f3 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -93,7 +93,17 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  When answering authoritative queries, <span class="command"><strong>named</strong></span>
+	  does not return the target of a cross-zone CNAME between two
+	  locally served zones; this prevents accidental cache poisoning.
+	  This same restriction was incorrectly applied to recursive
+	  queries as well; this has been fixed. [RT #47078]
+	</p>
+      </li>
+<li class="listitem">
 	<p>
 	  Attempting to validate improperly unsigned CNAME responses
 	  from secure zones could cause a validator loop. This caused
@@ -101,7 +111,8 @@
 	  of encountering the crash bug described in CVE-2017-3145.
 	  [RT #46839]
 	</p>
-      </li></ul></div>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">