Re: What about BIND 9.3.4 in FreeBSD in base system ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The bind9 port was updated the same day that the code and security
advisory were released, so users who are actually vulnerable to these
issues can update immediately. I imported 9.3.4 into HEAD today, and
plan to MFC it after 4 or 5 days. I am actually considering only
MFC'ing it to RELENG_6 to help provide some incentive for those on 5.x
to upgrade.
Of the 3 advisories, 2 are only problems for those that run with
DNSSEC validation. The other is only a problem for those that allow
untrusted users access to named configured as a recursive resolver,
and is a DoS vulnerability, not a remote exploit.
As always, if secteam@ asks me to accelerate the MFC schedule I will,
but they haven't said anything to me yet.
hth,
Doug
- --
This .signature sanitized for your protection
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
iD8DBQFFvuJ8yIakK9Wy8PsRAkcRAKD4+mN+gUHZzr1QLmIVmcbP7z4UgQCdFqiZ
WUZWQ1WKITsF5ISHV6EXVaA=
=4T7Y
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 17 篇):