Date: Mon, 29 Jan 2007 22:15:25 -0800 From: Doug Barton <dougb@FreeBSD.org> To: Dmitry A Grigorovich <odip@bionet.nsc.ru> Cc: freebsd-security@freebsd.org Subject: Re: What about BIND 9.3.4 in FreeBSD in base system ? Message-ID: <45BEE27D.1050804@FreeBSD.org> In-Reply-To: <001601c74428$ff9d54b0$ab76ed54@odipw> References: <001601c74428$ff9d54b0$ab76ed54@odipw>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The bind9 port was updated the same day that the code and security
advisory were released, so users who are actually vulnerable to these
issues can update immediately. I imported 9.3.4 into HEAD today, and
plan to MFC it after 4 or 5 days. I am actually considering only
MFC'ing it to RELENG_6 to help provide some incentive for those on 5.x
to upgrade.
Of the 3 advisories, 2 are only problems for those that run with
DNSSEC validation. The other is only a problem for those that allow
untrusted users access to named configured as a recursive resolver,
and is a DoS vulnerability, not a remote exploit.
As always, if secteam@ asks me to accelerate the MFC schedule I will,
but they haven't said anything to me yet.
hth,
Doug
- --
This .signature sanitized for your protection
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
iD8DBQFFvuJ8yIakK9Wy8PsRAkcRAKD4+mN+gUHZzr1QLmIVmcbP7z4UgQCdFqiZ
WUZWQ1WKITsF5ISHV6EXVaA=
=4T7Y
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45BEE27D.1050804>