From 1d5aae19328e5f0078324f9af01fd8898340bd50 Mon Sep 17 00:00:00 2001
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 20 Jan 2016 07:27:07 +0000
Subject: Vendor import of BIND 9.9.8-P3.

---
 doc/arm/Bv9ARM.ch09.html | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

(limited to 'doc/arm/Bv9ARM.ch09.html')

diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index d1f0328b099c8..3511016ed7d63 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -45,7 +45,7 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2563593">Release Notes for BIND Version 9.9.8-P2</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2563593">Release Notes for BIND Version 9.9.8-P3</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,13 +60,18 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563593"></a>Release Notes for BIND Version 9.9.8-P2</h2></div></div></div>
+<a name="id2563593"></a>Release Notes for BIND Version 9.9.8-P3</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
 <p>
       This document summarizes changes since BIND 9.9.8:
     </p>
+<p>
+      BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
+      It also fixes a serious regression in authoritative server selection
+      that was introduced in 9.9.8.
+    </p>
 <p>
       BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193
       (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
@@ -91,13 +96,13 @@
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul type="disc">
 <li><p>
-	  Named is potentially vulnerable to the OpenSSL vulnerabilty
-	  described in CVE-2015-3193.
+	  Specific APL data could trigger an INSIST.  This flaw
+	  was discovered by Brian Mitchell and is disclosed in
+	  CVE-2015-8704. [RT #41396]
 	</p></li>
 <li><p>
-	  Incorrect reference counting could result in an INSIST
-	  failure if a socket error occurred while performing a
-	  lookup.  This flaw is disclosed in CVE-2015-8461. [RT#40945]
+	  Named is potentially vulnerable to the OpenSSL vulnerabilty
+	  described in CVE-2015-3193.
 	</p></li>
 <li><p>
 	  Insufficient testing when parsing a message allowed
@@ -106,6 +111,11 @@
 	  were subsequently cached.  This flaw is disclosed
 	  in CVE-2015-8000. [RT #40987]
 	</p></li>
+<li><p>
+	  Incorrect reference counting could result in an INSIST
+	  failure if a socket error occurred while performing a
+	  lookup.  This flaw is disclosed in CVE-2015-8461. [RT#40945]
+	</p></li>
 </ul></div>
 </div>
 <div class="sect2" lang="en">
@@ -123,7 +133,11 @@
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>None</p></li></ul></div>
+<div class="itemizedlist"><ul type="disc"><li><p>
+	  Authoritative servers that were marked as bogus (e.g. blackholed
+	  in configuration or with invalid addresses) were being queried
+	  anyway. [RT #41321]
+	</p></li></ul></div>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
@@ -163,6 +177,6 @@
 </tr>
 </table>
 </div>
-<p style="text-align: center;">BIND 9.9.8-P2 (Extended Support Version)</p>
+<p style="text-align: center;">BIND 9.9.8-P3 (Extended Support Version)</p>
 </body>
 </html>
-- 
cgit v1.2.3