Add CHANGES and release note for [GL #3158]

2025-08-31 14:35:26 +00:00 · 2022-02-16 19:30:19 +11:00
parent 9fcc028f5c
commit c9f28777f6
2 changed files with 9 additions and 1 deletions
--- a/4
+++ b/4
@@ -37,7 +37,9 @@

 5820.	[placeholder]

-5819.	[placeholder]
+5819.	[security]	Lookups involving a DNAME could trigger an INSIST when
+			"synth-from-dnssec" was enabled. (CVE-2022-0635)
+			[GL #3158]

 5818.	[security]	A synchronous call to closehandle_cb() caused
 			isc__nm_process_sock_buffer() to be called recursively,
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -28,6 +28,12 @@ Security Fixes
  TCP sockets in the ``CLOSE_WAIT`` state when the client did not
  properly shut down the connection. (CVE-2022-0396) :gl:`#3112`

+- Lookups involving a DNAME could trigger an assertion failure when
+  ``synth-from-dnssec`` was enabled (which is the default).
+  (CVE-2022-0635)
+
+  ISC would like to thank Vincent Levigneron from AFNIC for bringing
+  this vulnerability to our attention. :gl:`#3158`

 Known Issues
 ~~~~~~~~~~~~