From 968d0a1415bf566d76e264cbc0654061b4c7c267 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Wed, 11 Oct 2023 09:15:13 +0200
Subject: [PATCH] Add CHANGES and release note for [GL #4234]

(cherry picked from commit 30d27928cff8a82774131b401c26b171a2367e31)
---
 CHANGES                     | 3 +++
 doc/notes/notes-current.rst | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index d209c80678..c537622cb8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6315.	[security]	Speed up parsing of DNS messages with many different
+			names. (CVE-2023-4408) [GL #4234]
+
 6314.	[bug]		Address race conditions in dns_tsigkey_find().
 			[GL #4182]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index be1bc21a15..045c3c79db 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,13 @@ Notes for BIND 9.18.22
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- Parsing DNS messages with many different names could cause excessive
+  CPU load. This has been fixed. :cve:`2023-4408`
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv
+  University, and Yuval Shavitt from Tel-Aviv University for bringing
+  this vulnerability to our attention. :gl:`#4234`
 
 New Features
 ~~~~~~~~~~~~