From 601066e854aba7dc0ad5a614ca4226ab503f032a Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Mon, 14 Nov 2022 12:30:49 +0000 Subject: [PATCH] Add CHANGES and release notes for [GL #3619] (cherry picked from commit d08a478b4219163bcba3f31641f8f1d4e77681ff) --- CHANGES | 3 +++ doc/notes/notes-current.rst | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/CHANGES b/CHANGES index bdfbf45a2d..420cd05e7f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6067. [security] Fix serve-stale crash when recursive clients soft quota + is reached. (CVE-2022-3924) [GL #3619] + 6066. [security] Handle RRSIG lookups when serve-stale is active. (CVE-2022-3736) [GL #3622] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index a5b1df2982..e58b5ec8d8 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -32,6 +32,15 @@ Security Fixes Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to our attention. :gl:`#3622` +- :iscman:`named` running as a resolver with the + :any:`stale-answer-client-timeout` option set to any value greater + than ``0`` could crash with an assertion failure, when the + :any:`recursive-clients` soft quota was reached. This has been fixed. + (CVE-2022-3924) + + ISC would like to thank Maksym Odinintsev from AWS for bringing this + vulnerability to our attention. :gl:`#3619` + New Features ~~~~~~~~~~~~
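Review bot: the CHANGES entry 6067 gives the trigger only as "recursive clients soft quota is reached", while the release note in the same patch narrows it to a resolver with stale-answer-client-timeout set to a value greater than 0. Consider naming that option in the entry, and writing the quota as the option name recursive-clients, so that operators scanning CHANGES can tell from the entry alone whether their configuration is affected.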
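Review bot: in the doc/notes/notes-current.rst item, the comma in "assertion failure, when the :any:`recursive-clients` soft quota was reached" separates a restrictive clause from its verb and can be dropped. The item also ends at "This has been fixed." without saying what an operator who cannot upgrade immediately should do; since the stated precondition is a stale-answer-client-timeout value greater than ``0``, it would help to state whether changing that setting avoids the crash, if that is the case.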