Add CHANGES and release note for GL #2037

2025-08-29 13:38:26 +00:00 · 2020-07-21 15:24:21 +02:00 · 2020-07-21 15:24:21 +02:00 · aaeea046ed
commit aaeea046ed
parent 52733368fd
2 changed files with 13 additions and 1 deletions
--- a/6
+++ b/6
@ -14,7 +14,11 @@

 5481.	[placeholder]

-5480.	[placeholder]
+5480.	[security]	When BIND 9 was compiled with native PKCS#11 support, it
+			was possible to trigger an assertion failure in code
+			determining the number of bits in the PKCS#11 RSA public
+			key with a specially crafted packet. (CVE-2020-8623)
+			[GL #2037]

 5479.	[security]	named could crash in certain query resolution scenarios
 			where QNAME minimization and forwarding were both
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -36,6 +36,14 @@ Security Fixes
  ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham
  of Oracle for bringing this vulnerability to our attention. [GL #2028]

+- When BIND 9 was compiled with native PKCS#11 support, it was possible
+  to trigger an assertion failure in code determining the number of bits
+  in the PKCS#11 RSA public key with a specially crafted packet. This
+  was disclosed in CVE-2020-8623.
+
+  ISC would like to thank Lyu Chiy for bringing this vulnerability to
+  our attention. [GL #2037]
+
 Known Issues
 ~~~~~~~~~~~~