Re: What about BIND 9.3.4 in FreeBSD in base system ?




Chris Marlatt wrote:
Doug Barton wrote:

plan to MFC it after 4 or 5 days. I am actually considering only
MFC'ing it to RELENG_6 to help provide some incentive for those on 5.x
to upgrade.


One would assume that the release would be supported up until the EOL
provided on freebsd.org of May 31, 2008.

Yes, but whether a full upgrade is needed for "support" or not depends
on your definition. Given that FreeBSD is not vulnerable to these
issues in its default configuration, one could easily argue that an
upgrade for RELENG_5 isn't necessary.

Doug

The subject here is 9.3.4. All the issues raised
in this thread so far were addressed as of 9.3.2-P2
/ 9.3.3. To the best of my knowledge these have
already been addresed.

There are two new issue for 9.3.4.

CVE-2007-0494 which is only a problem if you are
doing DNSEC validation.

CVE-2007-0493 which any recursive 9.3.x (x<4) named
is vulnerable.

Mark
--

This .signature sanitized for your protection

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"