From 31c690396dcb9f9af0d3a41ab74ebfdc160c3f02 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 12 Mar 2019 15:21:10 -0700
Subject: [PATCH] CHANGES, release note

(cherry picked from commit ab5473007e91f011d003ff0ba5ab32fa0d56360c)
(cherry picked from commit 404be59527c95b4631f2c6cdf072d5c7e0e3240d)
---
 CHANGES           |  5 +++++
 doc/arm/notes.xml | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/CHANGES b/CHANGES
index a295722d10..9e503a9f2b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -51,6 +51,11 @@
 
 5201.	[bug]		Fix a possible deadlock in RPZ update code. [GL #973]
 
+5199.	[security]	In certain configurations, named could crash
+			if nxdomain-redirect was in use and a redirected
+			query resulted in an NXDOMAIN from the cache.
+			(CVE-2019-6467) [GL #880]
+
 5198.	[bug]		If a fetch context was being shut down and, at the same
 			time, we returned from qname minimization, an INSIST
 			could be hit. [GL #966]
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 37ff53a7ac..225a68245e 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -86,6 +86,19 @@
     </para>
   </section>
 
+  <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
+    <itemizedlist>
+      <listitem>
+        <para>
+	  In certain configurations, <command>named</command> could crash
+	  with an assertion failure if <command>nxdomain-redirect</command>
+	  was in use and a redirected query resulted in an NXDOMAIN from the
+	  cache. This flaw is disclosed in CVE-2019-6467. [GL #880]
+	</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
   <section xml:id="relnotes_features"><info><title>New Features</title></info>
     <itemizedlist>
       <listitem>