Log Message:
net/bind918: update to 9.18.19

9.18.19 (2023-09-20)

6246.	[security]	Fix use-after-free error in TLS DNS code when sending
			data. (CVE-2023-4236) [GL #4242]

6245.	[security]	Limit the amount of recursion that can be performed
			by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]

6244.	[bug]		Adjust log levels on malformed messages to NOTICE when
			transferring in a zone. [GL #4290]

6241.	[bug]		Take into account the possibility of partial TLS writes
			in TLS DNS code. That helps to prevent DNS messages
			corruption on long DNS over TLS streams. [GL #4255]

6240.	[bug]		Use dedicated per-worker thread jemalloc memory
			arenas for send buffers allocation to reduce memory
			consumption and avoid lock contention. [GL #4038]

6239.	[func]		Deprecate the 'dnssec-must-be-secure' option.
			[GL #3700]

6237.	[bug]		Address memory leaks due to not clearing OpenSSL error
			stack. [GL #4159]

6235.	[doc]		Clarify BIND 9 time formats. [GL #4266]

6234.	[bug]		Restore stale-refresh-time value after flushing the
			cache. [GL #4278]

6232.	[bug]		Following the introduction of krb5-subdomain-self-rhs
			and ms-subdomain-self-rhs update rules, removal of
			nonexistent PTR and SRV records via UPDATE could fail.
			[GL #4280]

6231.	[func]		Make nsupdate honor -v for SOA requests if the server
			is specified. [GL #1181]

6230.	[bug]		Prevent an unnecessary query restart if a synthesized
			CNAME target points to the CNAME owner. [GL #3835]

6227.	[bug]		Check the statistics-channel HTTP Content-length
			to prevent negative or overflowing values from
			causing a crash. [GL #4125]

6224.	[bug]		Check the If-Modified-Since value length to prevent
			out-of-bounds write. [GL #4124]