From e01e09c7125b40646aff4a582672e711a18a69a4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 8 Jan 2021 22:50:03 +0000
Subject: Add CVE numbers to security update descriptions in CHANGELOG

---
 CHANGELOG | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,16 +1,17 @@
 	Fix a remote buffer overflow problem in the DNSSEC code. Any
 	dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
-	referenced by CERT VU#434904.
+	referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
+	CVE-2020-25687.
 
 	Be sure to only accept UDP DNS query replies at the address
 	from which the query was originated. This keeps as much entropy
 	in the {query-ID, random-port} tuple as possible, to help defeat
-	cache poisoning attacks. Refer: CERT VU#434904.
+	cache poisoning attacks. Refer: CVE-2020-25684.
 
 	Use the SHA-256 hash function to verify that DNS answers
 	received are for the questions originally asked. This replaces
 	the slightly insecure SHA-1 (when compiled with DNSSEC) or
-	the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+	the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
 
 	Handle multiple identical near simultaneous DNS queries better.
 	Previously, such queries would all be forwarded
@@ -24,7 +25,7 @@
 	of the query. The new behaviour detects repeated queries and
 	merely stores the clients sending repeats so that when the
 	first query completes, the answer can be sent to all the
-	clients who asked. Refer: CERT VU#434904.
+	clients who asked. Refer: CVE-2020-25686.
 	
 
 version 2.81