diff --git a/CHANGES b/CHANGES
index e3b89a543d..2a6ed0a1dc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -27,6 +27,10 @@
 4990.	[bug]		Prevent a possible NULL reference in pkcs11-keygen.
 			[GL #401]
 
+4997.	[security]	named could crash during recursive processing
+			of DNAME records when "deny-answer-aliases" was
+			in use. (CVE-2018-5740) [GL #387]
+
 	--- 9.11.4 released ---
 
 	--- 9.11.4rc2 released ---
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 220a20e696..7b7475b58f 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -76,6 +76,13 @@
 
   <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>named</command> could crash during recursive processing
+	  of DNAME records when <command>deny-answer-aliases</command> was
+	  in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  When recursion is enabled but the <command>allow-recursion</command>