Add CHANGES and release notes for [GL #2787]

2025-08-29 13:38:26 +00:00 · 2021-06-22 12:33:50 +02:00 · 2021-06-22 12:33:50 +02:00 · dd0e3b0213
commit dd0e3b0213
parent ef9f09252c
2 changed files with 9 additions and 2 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+5663.	[bug]		Properly handle non-zero OPCODEs when receiving the
+			queries over DoT and DoH channels. [GL #2787]
+
 5662.	[bug]		Views with recursion disabled are now configured with a
 			default cache size of 2 MB, unless "max-cache-size" is
 			explicitly set. This prevents cache RBT hash tables from
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -14,7 +14,11 @@ Notes for BIND 9.17.15
 Security Fixes
 ~~~~~~~~~~~~~~

- None.
+- Sending non-zero opcode via DoT or DoH channels would trigger an assertion
+  failure in ``named``. This has been fixed.
+
+  ISC would like to thank Ville Heikkila of Synopsys Cybersecurity Research
+  Center for responsibly disclosing the vulnerability to us. :gl:`#2787`

 Known Issues
 ~~~~~~~~~~~~
@ -58,4 +62,4 @@ Bug Fixes

 - A deadlock at startup was introduced when fixing :gl:`#1875` because when
  locking key files for reading and writing, "in-view" logic was not taken into
-  account. This has been fixed. [GL #2783]
+  account. This has been fixed. :gl:`#2783`