Add CHANGES and release note for GL #2055

2025-08-31 06:25:31 +00:00 · 2020-07-29 23:36:03 +10:00
parent 94bc07cf05
commit 4fb94906fa
2 changed files with 15 additions and 1 deletions
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -44,6 +44,15 @@ Security Fixes
  ISC would like to thank Lyu Chiy for bringing this vulnerability to
  our attention. [GL #2037]

+- ``update-policy`` rules of type ``subdomain`` were incorrectly treated
+  as ``zonesub`` rules, which allowed keys used in ``subdomain`` rules
+  to update names outside of the specified subdomains. The problem was
+  fixed by making sure ``subdomain`` rules are again processed as
+  described in the ARM. This was disclosed in CVE-2020-8624.
+
+  ISC would like to thank Joop Boonen of credativ GmbH for bringing this
+  vulnerability to our attention. [GL #2055]
+
 Known Issues
 ~~~~~~~~~~~~