Date: Sun, 20 Oct 2019 21:07:44 +1100 From: Kubilay Kocak <koobs@FreeBSD.org> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-ports@freebsd.org Subject: Re: dns/bind911 and 2019Q4 branch Message-ID: <72f8a61f-94a1-3b9d-e2f3-8b6863eeaec6@FreeBSD.org> In-Reply-To: <b99be952-640d-797b-a3c3-4139914c9b0d@netfence.it> References: <0397b89c-284a-2407-3b39-f4be96286475@netfence.it> <20191020092616.uz2y44snsbbzu44q@atuin.in.mat.cc> <b99be952-640d-797b-a3c3-4139914c9b0d@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20/10/2019 8:50 pm, Andrea Venturoli wrote: > On 2019-10-20 11:26, Mathieu Arnold wrote: > >> The ISC was very clear in that this update[1] is not a security related >> release, so I have absolutely no plan to merge it. >> >> 1: https://lists.isc.org/pipermail/bind-announce/2019-October/001139.html >> > > Sorry, I had already opened the bug as Kubilay suggested; fell free to > close it, then. > > > > I'm confused though, since the link you posted says: >> To clarify, BIND 9.11.12 is not a security release, but BIND 9.14.7 and >> 9.15.5 are. >> >> The two CVEs disclosed today affect only BIND 9.14 and 9.15; the BIND >> 9.11 branch is not vulnerable. > > But on the release notes for 9.14 there are *3* CVEs and one > (CVE-2019-6471) is also listed in the release notes for 9.11. > > ??? > > bye & Thanks > av. All done (issue closed). Thank you for raising the question and asking though Andrea, many security updates are in fact missed, and don't end up in quarterly branches. Users can help us by identify things that slip through the cracks and reporting those issues, and requesting merges where they are necessary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72f8a61f-94a1-3b9d-e2f3-8b6863eeaec6>