Add CHANGES and release note for [GL #3129]

2025-08-28 21:17:54 +00:00 · 2022-02-10 20:40:29 +00:00 · 2022-02-10 20:40:29 +00:00 · 9241363f36
commit 9241363f36
parent f0f3370e14
2 changed files with 7 additions and 1 deletions
--- a/4
+++ b/4
@ -35,7 +35,9 @@
 5821.	[bug]		Fix query context management issues in the TCP part
 			of dig. [GL #3184]

-5820.	[placeholder]
+5820.	[security]	An assertion could occur in resume_dslookup() if the
+			fetch had been shut down earlier. (CVE-2022-0667)
+			[GL #3129]

 5819.	[security]	Lookups involving a DNAME could trigger an INSIST when
 			"synth-from-dnssec" was enabled. (CVE-2022-0635)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -35,6 +35,10 @@ Security Fixes
  ISC would like to thank Vincent Levigneron from AFNIC for bringing
  this vulnerability to our attention. :gl:`#3158`

+- When chasing DS records, a timed-out or artificially delayed fetch
+  could cause ``named`` to crash while resuming a DS lookup.
+  (CVE-2022-0667) :gl:`#3129`
+
 Known Issues
 ~~~~~~~~~~~~