From owner-freebsd-security  Sat Jun 29 14:57: 6 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F33C337B401
	for <security@FreeBSD.ORG>; Sat, 29 Jun 2002 14:57:02 -0700 (PDT)
Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A54FD43E06
	for <security@FreeBSD.ORG>; Sat, 29 Jun 2002 14:57:02 -0700 (PDT)
	(envelope-from DougB@FreeBSD.org)
Received: from FreeBSD.org (12-234-90-219.client.attbi.com [12.234.90.219])
	by mail-relay1.yahoo.com (Postfix) with ESMTP
	id 6E5A08B5C7; Sat, 29 Jun 2002 14:57:00 -0700 (PDT)
Message-ID: <3D1E2D22.EBCE8199@FreeBSD.org>
Date: Sat, 29 Jun 2002 14:56:50 -0700
From: Doug Barton <DougB@FreeBSD.org>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.79 [en] (X11; U; FreeBSD 4.6-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass <brett@lariat.org>
Cc: Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG
Subject: Re: libc flaw: BIND 9 closes most holes but also opens one
References: <4.3.2.7.2.20020629153253.02e88ef0@localhost>
	 <200206282259.QAA03790@lariat.org>
	 <4.3.2.7.2.20020629123101.02ed2df0@localhost>
	 <4.3.2.7.2.20020629153253.02e88ef0@localhost> <4.3.2.7.2.20020629154457.02fafb00@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Brett Glass wrote:
> 
> At 03:43 PM 6/29/2002, Pete Ehlke wrote:
> 
> >Please, Brett. Don't embarass yourself further on this.
> >
> >http://marc.theaimsgroup.com/?l=bind-announce&m=102527571007047&w=2
> 
> Embarrass? The page you cite actually proves that I'm correct! 

You quoted the second page. The URL I left in the quotation above is the
announcement for 8.2.6, which says:

Highlights vs. 8.2.5
        Security Fix libbind.  All applications linked against libbind
        need to relinked.

Also, take a look at the URL I posted previously:

ftp://ftp.isc.org/isc/bind/src/8.2.6/825-826.diff

> What this means is that the only safe version of libbind is 8.3.3.

Wrong again. As I said before, if you can't be careful to read and
understand what is being said before you post, please don't post. You're
providing needless confusion to the people reading this list. 

Doug

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message