From 2fd20bbaf5832963bf7e92b58f986d33590d1405 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Wed, 14 Feb 2024 14:49:49 +0100
Subject: [PATCH] Mention CVE-2023-50868 in CHANGES entry 6322

Since CVE-2023-50868 does not have a dedicated fix in BIND 9, mention
its CVE identifier in the CHANGES entry for CVE-2023-50387 (KeyTrap),
which accompanied the code change that addresses both of these
vulnerabilities.
---
 CHANGES | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index 8dcb70e0e0..8498e65a83 100644
--- a/CHANGES
+++ b/CHANGES
@@ -85,6 +85,10 @@
 			condition due to DNS validation taking a long time.
 			(CVE-2023-50387) [GL #4424]
 
+			The same code change also addresses another problem:
+			preparing NSEC3 closest encloser proofs could exhaust
+			available CPU resources. (CVE-2023-50868) [GL #4459]
+
 6321.	[security]	Change 6315 inadvertently introduced regressions that
 			could cause named to crash. [GL #4234]