From: Doug Barton
Date: Mon, 11 Jul 2011 18:40:43 -0700
To: josh.carroll@gmail.com
Cc: freebsd-security@freebsd.org, Glen Barber, Michael Scheidell
Subject: Re: new bind security bug? Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-11:02.bind

On 07/07/2011 19:00, Josh Carroll wrote:
> On Jul 7, 2011 6:40 PM, "Glen Barber" wrote:
>>
>> On 7/7/11 8:43 PM, Michael Scheidell wrote:
>>> <http://threatpost.com/en_us/blogs/new-bind-release-fixes-high-severity-remote-bugs-070611>
>>>
>>> The high-severity vulnerability in many versions of the BIND software
>>> has the effect of causing the BIND server to exit when it receives a
>>> specially formatted packet. The ISC said that although it isn't aware of
>>> any public exploits for the bug, it still recommends that organizations
>>> upgrade to one of the newer versions of BIND, which include
>>> 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.
>>>
>>
>> See:
>>
>> http://svnweb.freebsd.org/base?view=revision&revision=223815
>>
>
> Are there plans to update 8.2-RELEASE as well?

By definition, no. A -RELEASE branch is carved in stone the moment it's
cut. If you're referring to whether or not there will be an 8.2-p*
branch for this change, that's up to the security officer.

Meanwhile my default response is still/always to upgrade to latest ports
version.

Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price. :) http://SupersetSolutions.com/