From: Wesley Shields
Date: Tue, 8 Jul 2008 19:29:46 -0400
To: Remko Lodder
Cc: freebsd-security@freebsd.org, Andrew Storms
Subject: Re: BIND update?
Message-ID: <20080708232946.GB74886@atarininja.org>
In-Reply-To: <386291aa73945a1cc3559aab7c0a6bb3.squirrel@galain.elvandar.org>

On Tue, Jul 08, 2008 at 11:31:28PM +0200, Remko Lodder wrote:
>
> On Tue, July 8, 2008 11:22 pm, Andrew Storms wrote:
> > I agree Remko. I meant this more as of a timing and planning question
> > than a "the sky is falling!". Was curious to know if/when an update
> > might be available so schedules could be set.
> >
> > Thanks.
> >
>
> I cannot tell anything yet about a schedule or a plan for updates yet. We
> (Security Team) first need to investigate what actions are required before
> we can get to this step. I am sure we will try to resolve this as soon as
> possible (and send out the word, if needed by an advisory).

It's worth noting the measures mentioned in the advisory. Specifically,
restrict recursive queries to only hosts you control. That will help cut
down your exposure while work goes forward on addressing this however the
security team sees fit.

-- 
WXS
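
The mitigation named in the message above, restricting recursion to hosts you control, sketched as a named.conf fragment. This is an added example, not part of the original thread or the advisory; the ACL name "trusted", the addresses (documentation ranges), the zone name and the file path are all placeholders.

```conf
// Added example: every name and address below is a placeholder.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;        // your own resolver clients
    2001:db8::/32;
};

options {
    // Weak: any host on the Internet can make this server recurse.
    // allow-recursion { any; };

    // Restricted: only hosts you control may ask recursive questions.
    allow-recursion { trusted; };

    // BIND 9.4 and later only: also keep cached answers away from
    // outsiders. Remove this line on older versions, which reject it.
    allow-query-cache { trusted; };
};

// Zones this server is authoritative for remain publicly queryable;
// only recursion on behalf of strangers is switched off.
zone "example.org" {
    type master;
    file "master/example.org.db";
    allow-query { any; };
};
```

Run named-checkconf against the edited file before reloading named, so a syntax error does not take the resolver down.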