From d05f0b2479e0ec871cc0aade79ac47ac7f994de5 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 12 Jul 2016 01:17:44 +1000
Subject: [PATCH] add CVE-2016-2775

---
 CHANGES           | 2 +-
 README            | 2 +-
 doc/arm/notes.xml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9754f4d334..b4403d219e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,7 +5,7 @@
 			trigger a infinite recursion bug in lwresd
 			and named with lwres configured if when combined
 			with a search list entry the resulting name is
-			too long. [RT #42694]
+			too long. (CVE-2016-2775) [RT #42694]
 
 4405.	[bug]		Change 4342 introduced a regression where you could
 			not remove a delegation in a NSEC3 signed zone using
diff --git a/README b/README
index 465a68e3b3..394366491a 100644
--- a/README
+++ b/README
@@ -56,7 +56,7 @@ BIND 9.9.9
 	BIND 9.9.9 is a maintenance release and addresses bugs found
 	in BIND 9.9.8 and earlier, as well as the security flaws
 	described in CVE-2015-8000, CVE-2015-8461, CVE-2015-8704,
-	CVE-2016-1285, and CVE-2016-1286.
+	CVE-2016-1285, CVE-2016-1286 and CVE-2016-2775.
 
 BIND 9.9.8
 
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 208e3acbf2..cfdff0a212 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -48,7 +48,7 @@
          infinite recursion bug in lwresd and named with lwres
          configured if when combined with a search list entry the
          resulting name is too long.  This flaw is disclosed in
-         CVE-2016-XXXX.
+         CVE-2016-2775.
 	</para>
       </listitem>
       <listitem>