On 09-May-19 09:33 AM, Markus Wollny wrote:
Hello,
Is there an ETA on the fix for this bind9 vulnerability to be
available for Debian Stretch yet?
I see LTS (jessie) is still marked as vulnerable, the DLA needed doc
indicates a test package was ready on 12 May, are there issues around
it's release?
https://security-tracker.debian.org/tracker/CVE-2018-5743 says that
the stable branch is still vulnerable (fixed in buster/sid only), even
though the Debian bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927932 is already
marked as closed.
I admit I am not all too familiar with usual Debian security
procedures in such cases, but as the bug is rated with a severity
rating of grave and it's now two weeks since the public disclosure, I
am starting to feel a little worried.
Kind regards
Markus
--
Kind Regards,
Shaun Bugler
System Administrator
Hetzner (Pty) Ltd
SA Contact Centre: 0861 0861 08
International: +27 21 970 2000
Website: hetzner.co.za <http://www.hetzner.co.za>
Disclaimer: hetzner.co.za/email-disclaimer
<http://www.hetzner.co.za/email-disclaimer>
