Date: Sun, 20 Oct 2019 11:50:31 +0200 From: Andrea Venturoli <ml@netfence.it> To: Mathieu Arnold <mat@FreeBSD.org> Cc: freebsd-ports@freebsd.org, koobs@FreeBSD.org Subject: Re: dns/bind911 and 2019Q4 branch Message-ID: <b99be952-640d-797b-a3c3-4139914c9b0d@netfence.it> In-Reply-To: <20191020092616.uz2y44snsbbzu44q@atuin.in.mat.cc> References: <0397b89c-284a-2407-3b39-f4be96286475@netfence.it> <20191020092616.uz2y44snsbbzu44q@atuin.in.mat.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2019-10-20 11:26, Mathieu Arnold wrote: > The ISC was very clear in that this update[1] is not a security related > release, so I have absolutely no plan to merge it. > > 1: https://lists.isc.org/pipermail/bind-announce/2019-October/001139.html > Sorry, I had already opened the bug as Kubilay suggested; fell free to close it, then. I'm confused though, since the link you posted says: > To clarify, BIND 9.11.12 is not a security release, but BIND 9.14.7 and > 9.15.5 are. > > The two CVEs disclosed today affect only BIND 9.14 and 9.15; the BIND > 9.11 branch is not vulnerable. But on the release notes for 9.14 there are *3* CVEs and one (CVE-2019-6471) is also listed in the release notes for 9.11. ??? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b99be952-640d-797b-a3c3-4139914c9b0d>