From 1d5aae19328e5f0078324f9af01fd8898340bd50 Mon Sep 17 00:00:00 2001
From: Xin LI <delphij@FreeBSD.org>
Date: Wed, 20 Jan 2016 07:27:07 +0000
Subject: Vendor import of BIND 9.9.8-P3.

---
 doc/arm/notes.html | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

(limited to 'doc/arm/notes.html')

diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index fe1f686b83472..77019262df24a 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -21,13 +21,18 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2542126"></a>Release Notes for BIND Version 9.9.8-P2</h2></div></div></div>
+<a name="id2542126"></a>Release Notes for BIND Version 9.9.8-P3</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
 <p>
       This document summarizes changes since BIND 9.9.8:
     </p>
+<p>
+      BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
+      It also fixes a serious regression in authoritative server selection
+      that was introduced in 9.9.8.
+    </p>
 <p>
       BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193
       (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
@@ -52,13 +57,13 @@
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul type="disc">
 <li><p>
-	  Named is potentially vulnerable to the OpenSSL vulnerabilty
-	  described in CVE-2015-3193.
+	  Specific APL data could trigger an INSIST.  This flaw
+	  was discovered by Brian Mitchell and is disclosed in
+	  CVE-2015-8704. [RT #41396]
 	</p></li>
 <li><p>
-	  Incorrect reference counting could result in an INSIST
-	  failure if a socket error occurred while performing a
-	  lookup.  This flaw is disclosed in CVE-2015-8461. [RT#40945]
+	  Named is potentially vulnerable to the OpenSSL vulnerabilty
+	  described in CVE-2015-3193.
 	</p></li>
 <li><p>
 	  Insufficient testing when parsing a message allowed
@@ -67,6 +72,11 @@
 	  were subsequently cached.  This flaw is disclosed
 	  in CVE-2015-8000. [RT #40987]
 	</p></li>
+<li><p>
+	  Incorrect reference counting could result in an INSIST
+	  failure if a socket error occurred while performing a
+	  lookup.  This flaw is disclosed in CVE-2015-8461. [RT#40945]
+	</p></li>
 </ul></div>
 </div>
 <div class="sect2" lang="en">
@@ -84,7 +94,11 @@
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>None</p></li></ul></div>
+<div class="itemizedlist"><ul type="disc"><li><p>
+	  Authoritative servers that were marked as bogus (e.g. blackholed
+	  in configuration or with invalid addresses) were being queried
+	  anyway. [RT #41321]
+	</p></li></ul></div>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-- 
cgit v1.2.3