From 7f6cb0d0cc26179fe6243c66fa810fd6a217d55a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Thu, 8 Sep 2022 11:11:30 +0200
Subject: [PATCH] Add release note for GL #3394

(cherry picked from commit 672072812cae9a346f6bc40ea5b1a81a5ca010ba)
---
 doc/notes/notes-current.rst | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 306a87ccbb..020cfd08ba 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.18.7
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- Previously, there was no limit to the number of database lookups
+  performed while processing large delegations, which could be abused to
+  severely impact the performance of :iscman:`named` running as a
+  recursive resolver. This has been fixed. (CVE-2022-2795)
+
+  ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat
+  Bremler-Barr & Shani Stajnrod from Reichman University for bringing
+  this vulnerability to our attention. :gl:`#3394`
 
 Known Issues
 ~~~~~~~~~~~~