Add CHANGES and release note for [GL #4055]

2025-08-30 22:15:20 +00:00 · 2023-06-01 15:46:23 +02:00
parent da0eafcdee
commit 616bd7a96e
2 changed files with 11 additions and 2 deletions
--- a/4
+++ b/4
@@ -2,7 +2,9 @@

 6191.	[placeholder]

-6190.	[placeholder]
+6190.	[security]	Improve the overmem cleaning process to prevent the
+			cache going over the configured limit. (CVE-2023-2828)
+			[GL #4055]

 6189.	[bug]		Fix an extra dns_validator deatch when encountering
 			deadling which would lead to assertion failure.
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.19.14
 Security Fixes
 ~~~~~~~~~~~~~~

- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured :any:`max-cache-size` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`

 New Features
 ~~~~~~~~~~~~