Hi Salvatore, my only comment is: thank you for filing this as I thought I already did that, but apparently not. It is absolutely going to be useful to start with latest upstream version as there is a CVE fixed in 9.20.11-1
+ [CVE2025-40777]: Fix a possible assertion failure when stale-answer-client-timeout is set to 0. Ondrej -- Ondřej Surý (He/Him) [email protected] > On 23. 7. 2025, at 9:24, Salvatore Bonaccorso <[email protected]> wrote: > > Package: release.debian.org > Severity: normal > X-Debbugs-Cc: [email protected], Ondřej Surý <[email protected]>, > [email protected], [email protected] > Control: affects -1 + src:bind9 > User: [email protected] > Usertags: unblock > > Hi Release team, hi Ondrej, > > Approaching you with getting input from Ondrej. bind9/1:9.20.11-1 > fixes CVE-2025-40777. Ad bind9 is updated via the supported upstream > versions in stable, that wuould mean for trxie we would ideally get in > the fixed version. > > Ondrej, do you have something to add here or can you please comment on > allowing bind9/1:9.20.11-1 into trixie? > > Regards, > Salvatore
