diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 9c159b3db0..276ddda036 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -120,11 +120,23 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
 	<p>
-	  None.
+	  The BIND installer on Windows used an unquoted service path,
+	  which can enable privilege escalation. This flaw is disclosed
+	  in CVE-2017-3141. [RT #45229]
 	</p>
-      </li></ul></div>
+      </li>
+<li class="listitem">
+	<p>
+	  With certain RPZ configurations, a response with TTL 0
+	  could cause <span class="command"><strong>named</strong></span> to go into an infinite
+	  query loop. This flaw is disclosed in CVE-2017-3140.
+	  [RT #45181]
+	</p>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index a0d42be9fd..861b281c2a 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -83,11 +83,23 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
 	<p>
-	  None.
+	  The BIND installer on Windows used an unquoted service path,
+	  which can enable privilege escalation. This flaw is disclosed
+	  in CVE-2017-3141. [RT #45229]
 	</p>
-      </li></ul></div>
+      </li>
+<li class="listitem">
+	<p>
+	  With certain RPZ configurations, a response with TTL 0
+	  could cause <span class="command"><strong>named</strong></span> to go into an infinite
+	  query loop. This flaw is disclosed in CVE-2017-3140.
+	  [RT #45181]
+	</p>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">