From owner-freebsd-security  Thu Feb  8  9:52:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id A2D0637B67D; Thu,  8 Feb 2001 09:52:20 -0800 (PST)
Received: (from str@localhost)
	by giganda.komkon.org (8.9.3/8.9.3) id MAA50931;
	Thu, 8 Feb 2001 12:52:19 -0500 (EST)
	(envelope-from str)
Date: Thu, 8 Feb 2001 12:52:19 -0500 (EST)
From: Igor Roshchin <str@giganda.komkon.org>
Message-Id: <200102081752.MAA50931@giganda.komkon.org>
To: security-officer@freebsd.org, security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:10.bind [REVISED]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I already made this comment when the earlier advisory
on bind was issued:
Reference to 4.x is not completely correct (or at least,
confusing) , since 4.0-RELEASE had
earlier, vulnerable version of bind.

Kris, you probably forgot about your intention to correct that part
of the advisory.

Best,

Igor


> From owner-freebsd-security@FreeBSD.ORG Wed Feb  7 14:29:17 2001
> Date: Wed, 7 Feb 2001 11:28:33 -0800 (PST)
> From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> Subject: FreeBSD Security Advisory: FreeBSD-SA-01:10.bind [REVISED]
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-01:10                                           Security Advisory
>                                                                 FreeBSD, Inc.
>
> Topic:          bind remote denial of service [REVISED]
>
> Category:       core, ports
> Module:         bind
> Announced:      2001-01-23
> Revised:	2001-02-07
> Credits:	Fabio Pietrosanti <fabio@TELEMAIL.IT>
> Affects:        FreeBSD 3.x prior to the correction date.
> 		Ports collection prior to the correction date.
> Corrected:      2000-11-27 (FreeBSD 3.5-STABLE)
> 		2001-01-05 (Ports collection)
> Vendor status:  Updated version released
> FreeBSD only:   NO
>
> 0.   Revision History
>
> v1.0  2001-01-23  Initial release
> v1.1  2001-02-07  Rerelease to note the far more serious problems described
>                   in SA-01:18
>

<..>

>
> All versions of FreeBSD 3.x prior to the correction date including
> 3.5.1-RELEASE are vulnerable to this problem.  In addition, the bind8
> port in the ports collection is also vulnerable.  FreeBSD 4.x is not
> affected since it contains versions of BIND 8.2.3.
>


<...>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message