head	1.2;
access;
symbols
	perseant-exfatfs-base-20240630:1.2
	perseant-exfatfs:1.2.0.6
	perseant-exfatfs-base:1.2
	cjep_sun2x:1.2.0.4
	cjep_sun2x-base:1.2
	cjep_staticlib_x-base1:1.2
	cjep_staticlib_x:1.2.0.2
	cjep_staticlib_x-base:1.2
	phil-wifi-20200421:1.1.1.1
	phil-wifi-20200411:1.1.1.1
	phil-wifi:1.1.1.1.0.4
	is-mlppp:1.1.1.1.0.2
	is-mlppp-base:1.1.1.1
	phil-wifi-20200406:1.1.1.1
	bind-9-14-8:1.1.1.1
	ISC:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2020.05.24.19.46.22;	author christos;	state dead;
branches;
next	1.1;
commitid	QmFJkkdg1H7qVw9C;

1.1
date	2019.11.24.19.57.37;	author christos;	state Exp;
branches
	1.1.1.1;
next	;
commitid	cp8OsYQLTelDP8MB;

1.1.1.1
date	2019.11.24.19.57.37;	author christos;	state Exp;
branches
	1.1.1.1.4.1;
next	;
commitid	cp8OsYQLTelDP8MB;

1.1.1.1.4.1
date	2019.11.24.19.57.37;	author martin;	state dead;
branches;
next	1.1.1.1.4.2;
commitid	Qli2aW9E74UFuA3C;

1.1.1.1.4.2
date	2020.04.08.14.07.07;	author martin;	state Exp;
branches;
next	;
commitid	Qli2aW9E74UFuA3C;


desc
@@


1.2
log
@Merge conflicts
@
text
@<!--
 - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 -
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -
 - See the COPYRIGHT file distributed with this work for additional
 - information regarding copyright ownership.
-->

<section xml:id="relnotes-9.14.7"><info><title>Notes for BIND 9.14.7</title></info>

  <section xml:id="relnotes-9.14.7-security"><info><title>Security Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          <command>named</command> could crash with an assertion failure
          if a forwarder returned a referral, rather than resolving the
          query, when QNAME minimization was enabled.  This flaw is
          disclosed in CVE-2019-6476. [GL #1051]
        </para>
      </listitem>
      <listitem>
        <para>
          A flaw in DNSSEC verification when transferring mirror zones
          could allow data to be incorrectly marked valid. This flaw
          is disclosed in CVE-2019-6475. [GL #1252]
        </para>
      </listitem>
    </itemizedlist>
  </section>

</section>
@


1.1
log
@Initial revision
@
text
@@


1.1.1.1
log
@Import bind 9.14.8 (security fix -- limits on concurrent TCP queries)

        --- 9.14.8 released ---

5315.	[bug]		Apply the inital RRSIG expiration spread fixed
			to all dynamically created records in the zone
			including NSEC3. Also fix the signature clusters
			when the server has been offline for prolonged
			period of times. [GL #1256]

5314.	[func]		Added a new statistics variable "tcp-highwater"
			that reports the maximum number of simultaneous TCP
			clients BIND has handled while running. [GL #1206]

5313.	[bug]		The default GeoIP2 database location did not match
			the ARM.  'named -V' now reports the default
			location. [GL #1301]

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
			at ERROR level in receive_secure_serial(). [GL #1288]

5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
			Thanks to Tony Finch. [GL !2481]

5306.	[security]	Set a limit on the number of concurrently served
			pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
			disabled by default because it was found to have
			a significant performance impact on the recursive
			service. [GL #1265]

5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
			[GL #876]

5302.	[bug]		Fix checking that "dnstap-output" is defined when
			"dnstap" is specified in a view. [GL #1281]

5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
			acls. [GL #1143]
@
text
@@


1.1.1.1.4.1
log
@file notes-9.14.7.xml was added on branch phil-wifi on 2020-04-08 14:07:07 +0000
@
text
@d1 34
@


1.1.1.1.4.2
log
@Merge changes from current as of 20200406
@
text
@a0 34
<!--
 - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 -
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -
 - See the COPYRIGHT file distributed with this work for additional
 - information regarding copyright ownership.
-->

<section xml:id="relnotes-9.14.7"><info><title>Notes for BIND 9.14.7</title></info>

  <section xml:id="relnotes-9.14.7-security"><info><title>Security Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          <command>named</command> could crash with an assertion failure
          if a forwarder returned a referral, rather than resolving the
          query, when QNAME minimization was enabled.  This flaw is
          disclosed in CVE-2019-6476. [GL #1051]
        </para>
      </listitem>
      <listitem>
        <para>
          A flaw in DNSSEC verification when transferring mirror zones
          could allow data to be incorrectly marked valid. This flaw
          is disclosed in CVE-2019-6475. [GL #1252]
        </para>
      </listitem>
    </itemizedlist>
  </section>

</section>
@