From e7c12bffbd2a3e88cdd033da914e85a23fa602d1 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 20 Dec 2018 10:22:02 +0100
Subject: [PATCH] CHANGES, notes

---
 CHANGES           | 5 ++++-
 doc/arm/notes.xml | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index cc94c87f28..0fef5cd366 100644
--- a/CHANGES
+++ b/CHANGES
@@ -159,7 +159,10 @@
 
 5119.	[placeholder]
 
-5118.	[placeholder]
+5118.	[security]	Named could crash if it is managing a key with
+			`managed-keys` and the authoritative zone is rolling
+			the key to an unsupported algorithm. (CVE-2018-5745)
+			[GL #780]
 
 5117.	[placeholder]
 
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 83cdfc2bae..e7ebbd0fb2 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -140,6 +140,14 @@
 	  for records in the zone. [GL #771]
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  <command>named</command> could crash if it managed a DNSSEC
+	  security root with <command>managed-keys</command> and the
+	  authoritative zone rolled the key to an algorithm not supported
+	  by BIND 9.  This flaw is disclosed in CVE-2018-5745. [GL #780]
+	</para>
+      </listitem>
     </itemizedlist>
   </section>