From 886793e8decb0c02095c1c923407a2e4a8e0a01f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Sun, 11 Feb 2024 11:23:28 +0100
Subject: [PATCH] Add release note for GL #4459

---
 doc/notes/notes-9.18.24.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/notes/notes-9.18.24.rst b/doc/notes/notes-9.18.24.rst
index f6df887450..3e3f1c2f83 100644
--- a/doc/notes/notes-9.18.24.rst
+++ b/doc/notes/notes-9.18.24.rst
@@ -24,6 +24,10 @@ Security Fixes
   Applied Cybersecurity ATHENE for bringing this vulnerability to our
   attention. :gl:`#4424`
 
+- Preparing an NSEC3 closest encloser proof could cause excessive CPU
+  load, leading to a denial-of-service condition. This has been fixed.
+  :cve:`2023-50868` :gl:`#4459`
+
 - Parsing DNS messages with many different names could cause excessive
   CPU load. This has been fixed. :cve:`2023-4408`