Date: Sun, 30 Jun 2002 10:29:48 +1000 From: Mark.Andrews@isc.org To: Brett Glass <brett@lariat.org> Cc: Doug Barton <DougB@FreeBSD.ORG>, Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG Subject: Re: libc flaw: BIND 9 closes most holes but also opens one Message-ID: <200206300029.g5U0Tmm0062703@drugs.dv.isc.org> In-Reply-To: Your message of "Sat, 29 Jun 2002 18:06:58 CST." <4.3.2.7.2.20020629180311.02b5b2d0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
> At 03:56 PM 6/29/2002, Doug Barton wrote: > > >You quoted the second page. The URL I left in the quotation above is the > >announcement for 8.2.6, which says: > > > >Highlights vs. 8.2.5 > > Security Fix libbind. All applications linked against libbind > > need to relinked. > > So? That's not the version of libbind that's in 9.2.1. The version > in 9.2.1 is vulnerable; I've checked the source. No one is denying that the version in 9.2.1 is vulerable. You stated that 8.2.6 was vulnerable when it is not. Stop complaining when people correct your mis-statement. The "fix" for 9.2.1 is to use libbind from 8.2.6 or 8.3.3 until we (ISC) make a new bind release (9.2.2/9.3.0/snapshot). You can also just take the diff and patch the copy in 9.2.0/9.2.1. It should work though I haven't tested it. Mark > > --Brett > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206300029.g5U0Tmm0062703>