Your message dated Mon, 29 Jan 2007 13:47:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#408925: fixed in bind9 1:9.3.4-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: bind9
Version: 9.3.4-1
Severity: normal
Tags: security
When I take a closer look at bind9 9.3.4-1, it looks to me like the
last packaged 9.3.3 version. The daemon also reports itself as 9.3.3.
Otoh, the differences between ISC 9.3.4 and Debian 9.3.4-1 are much
more than only RFCs and other non-free stuff removed and the debian/
directory.
$ debdiff bind9_9.3.3-1.dsc bind9_9.3.4-1.dsc
diff -Nru /tmp/GVYoTmAggh/bind9-9.3.3/debian/arch-version
/tmp/KeX88zsRLM/bind9-9.3.4/debian/arch-version
--- /tmp/GVYoTmAggh/bind9-9.3.3/debian/arch-version 2007-01-29
11:21:35.000000000 +0100
+++ /tmp/KeX88zsRLM/bind9-9.3.4/debian/arch-version 2007-01-29
11:21:37.000000000 +0100
@@ -1 +1 @@
[EMAIL PROTECTED]/bind9--merged--9.3.3--patch-7
[EMAIL PROTECTED]/bind9--merged--9.3.4--patch-2
diff -Nru /tmp/GVYoTmAggh/bind9-9.3.3/debian/changelog
/tmp/KeX88zsRLM/bind9-9.3.4/debian/changelog
--- /tmp/GVYoTmAggh/bind9-9.3.3/debian/changelog 2007-01-29
11:21:35.000000000 +0100
+++ /tmp/KeX88zsRLM/bind9-9.3.4/debian/changelog 2007-01-29
11:21:37.000000000 +0100
@@ -1,3 +1,9 @@
+bind9 (1:9.3.4-1) unstable; urgency=high
+
+ * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494
+
+ -- LaMont Jones <[EMAIL PROTECTED]> Thu, 25 Jan 2007 14:31:09 -0700
+
bind9 (1:9.3.3-1) unstable; urgency=low
* New upstream version
$ diff -urN bind-9.3.4 bind9-9.3.4 | diffstat | grep -v '\(doc\|debian\)'
CHANGES | 8
FAQ | 43
FAQ.xml | 83
README | 8
aclocal.m4 | 6382 +++
bin/named/named.8 | 6
bin/named/unix/os.c | 5
bin/rndc/rndc.8 | 2
config.guess | 590
config.h.in | 4
config.sub | 121
configure |18306
+++++-----
contrib/idn/idnkit-1.0-src/config.guess | 980
contrib/idn/idnkit-1.0-src/config.sub | 445
lib/dns/Makefile.in | 4
lib/dns/api | 6
lib/dns/include/dns/validator.h | 12
lib/dns/resolver.c | 51
lib/dns/validator.c | 26
lib/isc/Makefile.in | 3
lib/isc/unix/socket.c | 4
lib/isc/win32/socket.c | 2
lib/isccc/Makefile.in | 5
lib/isccfg/Makefile.in | 2
ltmain.sh | 1045
version | 4
217 files changed, 20538 insertions(+), 141494 deletions(-)
Can you please take a look at this and confirm what was going on?
Greetings
Marc
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.2-zgsrv
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.3.4-2
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:
bind9-doc_9.3.4-2_all.deb
to pool/main/b/bind9/bind9-doc_9.3.4-2_all.deb
bind9-host_9.3.4-2_i386.deb
to pool/main/b/bind9/bind9-host_9.3.4-2_i386.deb
bind9_9.3.4-2.diff.gz
to pool/main/b/bind9/bind9_9.3.4-2.diff.gz
bind9_9.3.4-2.dsc
to pool/main/b/bind9/bind9_9.3.4-2.dsc
bind9_9.3.4-2_i386.deb
to pool/main/b/bind9/bind9_9.3.4-2_i386.deb
dnsutils_9.3.4-2_i386.deb
to pool/main/b/bind9/dnsutils_9.3.4-2_i386.deb
libbind-dev_9.3.4-2_i386.deb
to pool/main/b/bind9/libbind-dev_9.3.4-2_i386.deb
libbind9-0_9.3.4-2_i386.deb
to pool/main/b/bind9/libbind9-0_9.3.4-2_i386.deb
libdns22_9.3.4-2_i386.deb
to pool/main/b/bind9/libdns22_9.3.4-2_i386.deb
libisc11_9.3.4-2_i386.deb
to pool/main/b/bind9/libisc11_9.3.4-2_i386.deb
libisccc0_9.3.4-2_i386.deb
to pool/main/b/bind9/libisccc0_9.3.4-2_i386.deb
libisccfg1_9.3.4-2_i386.deb
to pool/main/b/bind9/libisccfg1_9.3.4-2_i386.deb
liblwres9_9.3.4-2_i386.deb
to pool/main/b/bind9/liblwres9_9.3.4-2_i386.deb
lwresd_9.3.4-2_i386.deb
to pool/main/b/bind9/lwresd_9.3.4-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
LaMont Jones <[EMAIL PROTECTED]> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 29 Jan 2007 06:09:03 -0700
Source: bind9
Binary: libisccc0 libdns22 lwresd libbind9-0 bind9-doc dnsutils bind9
libbind-dev bind9-host liblwres9 libisc11 libisccfg1
Architecture: all i386 source
Version: 1:9.3.4-2
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <[EMAIL PROTECTED]>
Changed-By: LaMont Jones <[EMAIL PROTECTED]>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
dnsutils - Clients provided with BIND
libbind-dev - Static Libraries and Headers used by BIND
libbind9-0 - BIND9 Shared Library used by BIND
libdns22 - DNS Shared Library used by BIND
libisc11 - ISC Shared Library used by BIND
libisccc0 - Command Channel Library used by BIND
libisccfg1 - Config File Handling Library used by BIND
liblwres9 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 408925
Changes:
bind9 (1:9.3.4-2) unstable; urgency=high
.
* Actually really do the merge of 9.3.4. Sigh. Closes: #408925
Files:
4a74645c79098cf83fee6da1c064bcd9 93942 libs standard
libbind9-0_9.3.4-2_i386.deb
626b8763654e49c197f346a3fa8c564e 278683 net optional bind9_9.3.4-2.diff.gz
7333d37ce61b18103203da912adda4c6 179900 net standard dnsutils_9.3.4-2_i386.deb
89372feec9df5f5569200e793b00b554 105578 libs optional
libisccfg1_9.3.4-2_i386.deb
976b3a975e240104a7802fb443d3941c 168834 libs standard libisc11_9.3.4-2_i386.deb
a89eed33276e7f68a54c4a705fb88b6c 109452 libs standard
liblwres9_9.3.4-2_i386.deb
b184f5870ed70fe1fb716f0fd24a94a9 112576 net standard
bind9-host_9.3.4-2_i386.deb
aaf224ccc61eebeeaa64a20be07eff28 748 net optional bind9_9.3.4-2.dsc
bf6b1792b393cc45e2071e90315822a0 186430 doc optional bind9-doc_9.3.4-2_all.deb
c45251982f74ced0cbf12b4bedd19b5e 205984 net optional lwresd_9.3.4-2_i386.deb
c71ce3aed707914c74bf2430d7be5fa6 470666 libs standard libdns22_9.3.4-2_i386.deb
df5db4cfc0c6b8212a35bf286ef5ed2b 991870 libdevel optional
libbind-dev_9.3.4-2_i386.deb
f2e3a1597097982e7b9ad4c51376187c 93922 libs optional libisccc0_9.3.4-2_i386.deb
ff0e0f3f55c9b7d4938c35431032c8cd 293936 net optional bind9_9.3.4-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFvfh3zN/kmwoKyScRAr4MAKCBI3b55EaoDZr4UzRiB9zjWHP2igCfX+B4
dwLg91ON/W33RbC0p2l6GLw=
=fyXb
-----END PGP SIGNATURE-----
--- End Message ---
