Date: Fri, 28 Jun 2002 18:50:13 -0700 (PDT) From: Doug Barton <DougB@FreeBSD.org> To: "M. Warner Losh" <imp@village.org> Cc: rwatson@FreeBSD.org, <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org> Subject: Re: cvs commit: ports/net/bind8 Makefile distinfo ports/net/bind8/files patch-aa Message-ID: <20020628184837.A16738-100000@zoot.corp.yahoo.com> In-Reply-To: <20020628.194328.51639012.imp@village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 28 Jun 2002, M. Warner Losh wrote:
> In message: <20020628182743.I16738-100000@zoot.corp.yahoo.com>
> Doug Barton <DougB@FreeBSD.org> writes:
> : Actually it's still debatable just how possible it is to exploit the
> : resolver bug at all, but that's another topic.
>
> I'm pretty sure it is exploitable. Lots of folks that fix these
> things think that it is exploitable. It is better to assume that it
> is exploitable and upgrade
Yes, I agree with everything you said.... please don't misunderstand.
That's one reason I upgraded the port today, just in case someone is
actually using libbind.a. My point was simply that there are a lot of
other good reasons to upgrade bind 8 installs to 8.3.3, besides whatever
protection it may or may not give against the libc resolver bug.
Sorry for the confusion,
Doug
--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
Do YOU Yahoo!?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020628184837.A16738-100000>