diff --git a/README b/README
index 7a695d6e6d..c1f9210a97 100644
--- a/README
+++ b/README
@@ -56,6 +56,9 @@ BIND 9.10.3
- Dig now supports sending of arbitary EDNS options by specifying
them on the command line.
+ This release addresses the security flaws described in
+ CVE-2015-4620 and CVE-2015-5477.
+
BIND 9.10.2
BIND 9.10.2 is a maintenance release and addresses bugs
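Review bot: the added sentence in the BIND 9.10.3 section gives only the two CVE identifiers and is placed after the feature list, where an operator skimming the README can miss it. Suggest moving it to the top of the 9.10.3 entry and adding a short impact phrase that matches the release notes, for example that both flaws lead to an assertion failure, so the reader can judge urgency without looking up the CVEs.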
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 9213746d12..65fa63daad 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -38,16 +38,26 @@
Security Fixes
+
+
+ A specially crafted query could trigger an assertion failure
+ in message.c.
+
+
+ This flaw was discovered by Jonathan Foote, and is disclosed
+ in CVE-2015-5477. [RT #39795]
+
+
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
-
+
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
-
+
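Review bot: the new CVE-2015-5477 entry cites "[RT #39795]", which is the same ticket number the existing CVE-2015-4620 entry already carries a few lines below, so one of the two references looks like a copy-paste leftover. Please confirm the ticket for each flaw and correct whichever is wrong. The new text also says only that a crafted query triggers an assertion failure in message.c, whereas the 4620 entry names the affected configuration ("servers configured to perform DNSSEC validation"); stating which server roles or configurations are exposed would make the two entries consistent.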
@@ -70,7 +80,7 @@
them in the build.
-
+
limits the number of
simultaneous queries that can be sent to any single
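Review bot: the single changed line ahead of "limits the number of" shows no text difference in this view, and the same pattern repeats in the two hunks that follow, which suggests whitespace or markup-only churn mixed into a commit whose purpose is the security notes. Consider moving these changes to a separate commit so the CVE documentation change stays minimal and is easy to backport.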
@@ -81,7 +91,7 @@
option.
-
+
limits the number of
simultaneous queries that can be sent for names within a
@@ -188,7 +198,7 @@
Several bugs have been fixed in the RPZ implementation:
-
+
Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting