Bug#690569: Bug#690142: remote named DoS on recursor (CVE-2012-5166) and Bug#690569 (DNS wildcards fail to resolve with DNSSEC enabled)

2012-10-18 Thread Michael Gilbert
On Wed, Oct 17, 2012 at 10:22 PM, Matthew Grant wrote: On Wed, Oct 17, 2012 at 1:57 PM, Michael Gilbert No. We're in the freeze now. Fixes need to be backported. If backporting a fix is not possible with the certainty of no introduced bugs, we have no choice. Debian Bind9 cannot ship

Bug#690569: Bug#690142: remote named DoS on recursor (CVE-2012-5166) and Bug#690569 (DNS wildcards fail to resolve with DNSSEC enabled)

2012-10-17 Thread Matthew Grant
On Wed, Oct 17, 2012 at 1:57 PM, Michael Gilbert mgilb...@debian.org wrote: On Tue, Oct 16, 2012 at 6:49 PM, Matthew Grant wrote: Can Bug #690569 (DNS wildcards fail to resolve with DNSsec enabled - breaks RFC 4035) be reclassified as grave, or at least Important severity? You implied a bug

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-16 Thread Michael Gilbert
On Mon, Oct 15, 2012 at 11:52 PM, Matthew Grant wrote: Thanks for that: Bit of a situation brewing for bind9 re #690569 (failure to resolve dnssec-validated wildcards - major non-compliance to RFC etc) and #690142 (this CVE) Would appreciate your advice on how to proceed please. Note: Will

Bug#690569: Bug#690142: remote named DoS on recursor (CVE-2012-5166) and Bug#690569 (DNS wildcards fail to resolve with DNSSEC enabled)

2012-10-16 Thread Michael Gilbert
On Tue, Oct 16, 2012 at 6:49 PM, Matthew Grant wrote: Hi Michael! Sorry to bother you again, but want some advice before I leap. Can Bug #690569 (DNS wildcards fail to resolve with DNSsec enabled - breaks RFC 4035) be reclassified as grave, or at least Important severity? We need to get

Bug#690569: Bug#690142: remote named DoS on recursor (CVE-2012-5166) and Bug#690569 (DNS wildcards fail to resolve with DNSSEC enabled)

2012-10-16 Thread Matthew Grant
Thanks, I will cross check this with all ISC tar balls between 9.8.1 and 9.8.2. This is when the CHANGES file lists it was fixed. I have noted that ISC changed things quite a lot with some internal structures over 9.8.x/9.7.x/9.6.x, when I was examining some issues to do with query rate DoS

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-15 Thread Michael Gilbert
Hi, I've canceled this nmu. There were a lot of Makefile and other files unrelated to the security fix that got included vs -4.2. Also, an nmu requirement is to attach the full diff to the bug report to help the maintainer out later. Best wishes, Mike

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-14 Thread Matthew Grant
Package: bind9 Version: 1:9.8.1.dfsg.P1-4.2 Followup-For: Bug #690142 Dear Maintainer, Attaching a patch for this version of Debian bind9. NMUing in 2 days with 1:9.8.1.dfsg.P1-4.3 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable')

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-10 Thread Adi Kriegisch
Package: bind9 Tags: security Severity: grave A security relevant bug on all versions of bind9 has been discovered. Only recursive servers are vulnerable. To mitigate the effects of a possible attack it should be sufficient to set minimal-responses yes; in the global options {} section. As

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-10 Thread Adi Kriegisch
Tags: security, patch find the Ubuntu patch attached. best regards, Adi Kriegisch === modified file 'bin/named/query.c' --- bin/named/query.c 2011-11-16 14:22:11 + +++ bin/named/query.c 2012-10-05 09:45:39 + @@ -1024,13 +1024,6 @@ mname = NULL; } - /* - * If the