From 41eb89503c76cb2f117a6f39e635d6139b146ddb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Fri, 19 Jan 2024 21:11:32 +0100 Subject: [PATCH] Add CHANGES and release note for [GL #4481] (cherry picked from commit 3e4babc58e1ed169a25ae9083f8f3c7d3e8389a3) --- CHANGES | 5 +++++ doc/notes/notes-current.rst | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/CHANGES b/CHANGES index 09abb7e88b..8587a64ab9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +6399. [security] Malicious DNS client that sends many queries over + TCP but never reads responses can cause server to + respond slowly or not respond at all for other + clients. (CVE-2024-0760) [GL #4481] + 6398. [bug] Fix potential data races in our DoH implementation related to HTTP/2 session object management and endpoints set object management after reconfiguration. diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 38e66417b7..58fe4ad959 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -15,6 +15,10 @@ Notes for BIND 9.18.28 Security Fixes ~~~~~~~~~~~~~~ +- Malicious DNS client that sends many queries over TCP but never reads + responses can cause server to respond slowly or not respond at all for other + clients. :cve:`2024-0760` :gl:`#4481` + - Named could trigger an assertion failure when looking up the NS records of parent zones as part of looking up DS records. This has been fixed. :gl:`#4661`
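Review bot: in the CHANGES hunk, entry 6399 states only the problem and never says what was changed, unlike entry 6398 just below it, which opens with "Fix potential data races ...". From this text a reader cannot tell whether the slow-response condition is fixed, mitigated, or only documented. Suggest adding a short statement of the fix before "(CVE-2024-0760) [GL #4481]", and supplying the missing articles: "A malicious DNS client that sends many queries over TCP but never reads the responses can cause the server to respond slowly ...".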
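Review bot: in the doc/notes/notes-current.rst hunk, the new bullet under "Security Fixes" describes the impact but omits the "This has been fixed." sentence that the following bullet (:gl:`#4661`) carries, so it reads as an open issue rather than a fix. Suggest ending it "... for other clients. This has been fixed. :cve:`2024-0760` :gl:`#4481`" and matching the grammar of the neighbouring entry: "A malicious DNS client ... can cause the server to respond slowly or not respond at all for other clients."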