diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 7638fa608e..d8f714594b 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -88,6 +88,11 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  It was possible to trigger a assertion when rendering a
+	  message using a specially crafted request. This flaw is
+	  disclosed in CVE-2016-2776. [RT #43139]
+	</p></li>
 <li class="listitem"><p>
 	 getrrsetbyname with a non absolute name could trigger an
 	 infinite recursion bug in lwresd and named with lwres
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index 7957edcb3a..c4a5b5e993 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -48,6 +48,11 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  It was possible to trigger a assertion when rendering a
+	  message using a specially crafted request. This flaw is
+	  disclosed in CVE-2016-2776. [RT #43139]
+	</p></li>
 <li class="listitem"><p>
 	 getrrsetbyname with a non absolute name could trigger an
 	 infinite recursion bug in lwresd and named with lwres