diff --git a/CHANGES b/CHANGES
index 31876c8617..b1e7a970e7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4138.	[bug]		A uninitialized value in validator.c could result
+			in a assertion failure. (CVE-2015-4620) [RT #39795]
+
 4137.	[bug]		rndc reconfig reports configuration errors the same
 			way rndc reload does [RT #39635]
 
@@ -20,7 +23,7 @@
 4131.	[bug]		Addressed further problems with reloading RPZ
 			zones. [RT #39649]
 
-4130.	[bug]		The compatability shim for *printf() misprinted some
+4130.	[bug]		The compatibility shim for *printf() misprinted some
 			large numbers. [RT #39586]
 
 4129.	[port]		Address API changes in OpenSSL 1.1.0. [RT #39532]
@@ -193,7 +196,7 @@
 			using either method disables the check completely.
 			[RT #37908]
 
-4079.	[func]		Preserve the case of the ownername of records to
+4079.	[func]		Preserve the case of the owner name of records to
 			the RRset level. [RT #37442]
 
 4078.	[bug]		Handle the case where CMSG_SPACE(sizeof(int)) !=
@@ -214,7 +217,7 @@
 			[RT #38056]
 
 4072.	[func]		Add a --enable-querytrace configure switch for
-			very verbose query tracelogging. (This option
+			very verbose query trace logging. (This option
 			has a negative performance impact and should be
 			used only for debugging.) [RT #37520]
 
@@ -9493,7 +9496,7 @@
 			on the responses. [RT #2454]
 
 1208.	[bug]		dns_master_load*() failed to log a error message if
-			an error was detected when parsing the ownername of
+			an error was detected when parsing the owner name of
 			a record.  [RT #2448]
 
 1207.	[bug]		libbind: getaddrinfo() could call freeaddrinfo() with
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 2657a1762b..3cf90f5043 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -1423,7 +1423,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnskey_t *key) {
  */
 static isc_boolean_t
 isselfsigned(dns_validator_t *val) {
-	dns_fixedname_t fixed;
 	dns_rdataset_t *rdataset, *sigrdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -1479,8 +1478,7 @@ isselfsigned(dns_validator_t *val) {
 			result = dns_dnssec_verify3(name, rdataset, dstkey,
 						    ISC_TRUE,
 						    val->view->maxbits,
-						    mctx, &sigrdata,
-						    dns_fixedname_name(&fixed));
+						    mctx, &sigrdata, NULL);
 			dst_key_free(&dstkey);
 			if (result != ISC_R_SUCCESS)
 				continue;