diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index b02ccc14d7..3fd4db3e54 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -83,6 +83,11 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Duplicate EDNS COOKIE options in a response could trigger
+	  an assertion failure. This flaw is disclosed in CVE-2016-2088.
+	  [RT #41809]
+	</p></li>
 <li class="listitem"><p>
 	  Insufficient testing when parsing a message allowed
 	  records with an incorrect class to be be accepted,
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index 419d980ffb..9484bd1c04 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -44,6 +44,11 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Duplicate EDNS COOKIE options in a response could trigger
+	  an assertion failure. This flaw is disclosed in CVE-2016-2088.
+	  [RT #41809]
+	</p></li>
 <li class="listitem"><p>
 	  Insufficient testing when parsing a message allowed
 	  records with an incorrect class to be be accepted,