On 07/06/11 16:21, Borgia, Joe A CTR USAF AFMC AFRL/RIOS wrote:
BIND 9.6.1-P3 seems to be a somewhat old release of BIND, and yet, I can
find no vulnerabilities listed on the ISC Security Advisories pages. Am
I missing something?
Yes. :-(
https://www.isc.org/software/bind/security/matrix
CVE-2010-3614 - Key algorithm rollover bug in BIND 9
CVE-2010-3613 - cache incorrectly allows an ncache entry and an RRSIG
for the same type
https://www.isc.org/software/bind/advisories/cve-2010-3614
https://www.isc.org/software/bind/advisories/cve-2010-3613
If you did a website search for 9.6.1-P3, you wouldn't have found these
two because the Versions affected: lists a range.
We're trying to list all versions explicitly in newer advisories to make
things a bit clearer - but if a problem affects all BIND9 versions, that
makes it a bit challenging!
We're also pondering on how to make the matrix more readable/useful
without losing the detail that we think people want/need - possibly by
splitting it into several (e.g. 9.8 versions, 9.7 versions and so on).
Hope this helps anyway.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users