Add CVE numbers to security update descriptions in CHANGELOG
diff --git a/CHANGELOG b/CHANGELOG
index 3b2782f..b70bf26 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,17 +4,18 @@
Fix a remote buffer overflow problem in the DNSSEC code. Any
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
- referenced by CERT VU#434904.
+ referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
+ CVE-2020-25687.
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
in the {query-ID, random-port} tuple as possible, to help defeat
- cache poisoning attacks. Refer: CERT VU#434904.
+ cache poisoning attacks. Refer: CVE-2020-25684.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
- the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+ the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
@@ -28,7 +29,7 @@
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
- clients who asked. Refer: CERT VU#434904.
+ clients who asked. Refer: CVE-2020-25686.
version 2.82