Back in May we began experimenting with a new policy of pre-notification
concerning upcoming security releases.  At that time we wrote:

  "After observing the use of this practice by some other open-source projects,
   we here at ISC have decided to amend our security policy to allow, at our
   discretion, limited pre-announcement of pending security vulnerability

Our first pre-notification experiment was well-received and we have decided
to continue the practice.  We therefore are writing to inform you that the
August BIND maintenance releases that will be released on Thursday, 20 August,
contain patches for five separate vulnerabilities.

Further details about the vulnerabilities will be publicly disclosed
at the time the releases are published on Thursday.  It is our hope that
this pre-announcement will aid BIND operators in planning to respond to
that disclosure when it occurs.

Michael McNally
ISC Security Officer

P.S.:  if you have feedback or questions concerning this policy,
kindly direct them to
bind-announce mailing list

Reply via email to