From owner-freebsd-security Sat Jun 29 18:18: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05DC837B419 for ; Sat, 29 Jun 2002 18:18:02 -0700 (PDT) Received: from bastet.rfc822.net (bastet.rfc822.net [64.81.113.233]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8FF1C43E0A for ; Sat, 29 Jun 2002 18:18:01 -0700 (PDT) (envelope-from pde@bastet.rfc822.net) Received: by bastet.rfc822.net (Postfix, from userid 1001) id F0DBF9FD21; Sat, 29 Jun 2002 20:18:04 -0500 (CDT) Date: Sat, 29 Jun 2002 20:18:04 -0500 From: Pete Ehlke To: security@FreeBSD.ORG Subject: Re: libc flaw: BIND 9 closes most holes but also opens one Message-ID: <20020630011804.GA24509@rfc822.net> References: <4.3.2.7.2.20020629180311.02b5b2d0@localhost> <4.3.2.7.2.20020629191122.02c948b0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4.3.2.7.2.20020629191122.02c948b0@localhost> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Jun 29, 2002 at 07:12:22PM -0600, Brett Glass wrote: > At 06:29 PM 6/29/2002, Mark.Andrews@isc.org wrote: > > > No one is denying that the version in 9.2.1 is vulerable. > > > > You stated that 8.2.6 was vulnerable when it is not. > > It's so far behind the latest version of BIND 8, which is 8.3.3, > that I doubt that it would be possible to fix it without a > time machine. > You are aware, Brett, that you are lecturing one of the BIND authors on the subtleties of the BIND source? Once and for all: there is a fixed 8.3.x. There is a fixed 8.2.x. There is even a fixed v4. This horse is dead. Please stop flogging it, for everyone's sake. -P. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message