From owner-freebsd-security  Sat Jun 29 17:19:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8984537B405
	for <security@FreeBSD.org>; Sat, 29 Jun 2002 17:19:16 -0700 (PDT)
Received: from 12-234-90-219.client.attbi.com (12-234-90-219.client.attbi.com [12.234.90.219])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2E68643E42
	for <security@FreeBSD.org>; Sat, 29 Jun 2002 17:18:24 -0700 (PDT)
	(envelope-from DougB@FreeBSD.org)
Received: from master.gorean.org (master.gorean.org [10.0.0.2])
	by 12-234-90-219.client.attbi.com (8.12.3/8.12.3) with ESMTP id g5U0IDBu094813;
	Sat, 29 Jun 2002 17:18:13 -0700 (PDT)
	(envelope-from DougB@FreeBSD.org)
Received: from localhost (doug@localhost)
	by master.gorean.org (8.12.4/8.12.4/Submit) with ESMTP id g5U0I8hH005526;
	Sat, 29 Jun 2002 17:18:13 -0700 (PDT)
Date: Sat, 29 Jun 2002 17:18:08 -0700 (PDT)
From: Doug Barton <DougB@FreeBSD.org>
To: Brett Glass <brett@lariat.org>
Cc: Pete Ehlke <pde@rfc822.net>, <security@FreeBSD.org>
Subject: Re: libc flaw: BIND 9 closes most holes but also opens one
In-Reply-To: <4.3.2.7.2.20020629180311.02b5b2d0@localhost>
Message-ID: <20020629171611.S5428-100000@master.gorean.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sat, 29 Jun 2002, Brett Glass wrote:

> At 03:56 PM 6/29/2002, Doug Barton wrote:
>
> >You quoted the second page. The URL I left in the quotation above is the
> >announcement for 8.2.6, which says:
> >
> >Highlights vs. 8.2.5
> >        Security Fix libbind.  All applications linked against libbind
> >        need to relinked.
>
> So? That's not the version of libbind that's in 9.2.1. The version
> in 9.2.1 is vulnerable; I've checked the source.

Once again, no one is arguing against that point. Yes, the version of
libbind in 9.2.1 is vulnerable.

What you have said repeatedly, and what is demonstrably false, is that the
only place libbind is fixed is in 8.3.3.  It is also fixed in 8.2.6. Now
please let this drop.... you're not adding anything useful to the topic.

Doug


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message