https://gitlab.isc.org/isc-projects/bind9/-/issues/5628 -- Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 6. 11. 2025, at 13:58, Kelsey Cummings <[email protected]> wrote: > > Ondřej, do you have an ETA for (9.18) releases which contain the fixes? > > >> On 11/4/2025 4:27 AM, Ondřej Surý wrote: >> Agreed. >> I would suggest doing a full bug report into an issue next time and >> including all the relevant details instead of piggybacking on an internal >> issue. >> There is a subtle difference between #5570 and the issue reported below, and >> thus these are two distinct bugs. >> Ondrej >> -- >> Ondřej Surý (He/Him) >> [email protected] >> My working hours and your working hours may be different. Please do not feel >> obligated to reply outside your normal working hours. >>>> On 4. 11. 2025, at 7:21, Petr Menšík via bind-users >>>> <[email protected]> wrote: >>> >>> Unfortunately this is a rare moment, when Ondřej is not correct. This >>> affects all versions, which included fix for CVE-2025-8677. Yes, I verified >>> also our builds are affected. Fedora 9.18.41 contains the same problem, but >>> OpenSSL library does not prevent usage of 5 and 7 algorithms there. It is >>> not visible. >>> >>> But in any case, similar reports should contain delv +vtrace output from >>> your side. Especially because it should be able to reproduce it on any >>> system, which disables RSASHA1 and RSASHA1NSEC3 algorithms. But delv tool >>> shows wrong behaviour only on CentOS 9 or CentOS 10 derivatives. On other >>> systems it seems unaffected on the first glance. >>> >>> Development version contains code modifications, which has similar problem >>> in a bit different place and with different fix needed. But unlike original >>> assumption it affects also stable versions. >>> >>> Cheers, >>> Petr >>> >>> On 30/10/2025 22:39, Ondřej Surý wrote: >>>> No, you have not been caught by this. The issue you are referring to >>>> affects only a development >>>> version of BIND 9 (9.21), so whatever you are experiencing is not related >>>> to this. >>>> >>>> You need to provide evidence (logs, reproducer) about what is going on, so >>>> we can help you >>>> diagnose the issue you are experiencing. >>>> >>>> Ondrej >>>> -- >>>> Ondřej Surý (He/Him) >>>> [email protected] >>>> >>>> My working hours and your working hours may be different. Please do not >>>> feel obligated to reply outside your normal working hours. >>> >>> -- >>> Petr Menšík >>> Senior Software Engineer, RHEL >>> Red Hat, https://www.redhat.com/ >>> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB >>> >>> -- >>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >>> this list. >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
