From owner-freebsd-stable@FreeBSD.ORG Thu Jul 26 12:17:58 2007 Return-Path: Delivered-To: stable@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 92B0916A41F for ; Thu, 26 Jul 2007 12:17:58 +0000 (UTC) (envelope-from Stephen.Clark@seclark.us) Received: from smtpauth01.prod.mesa1.secureserver.net (smtpauth01.prod.mesa1.secureserver.net [64.202.165.181]) by mx1.freebsd.org (Postfix) with SMTP id 2F65413C468 for ; Thu, 26 Jul 2007 12:17:58 +0000 (UTC) (envelope-from Stephen.Clark@seclark.us) Received: (qmail 12079 invoked from network); 26 Jul 2007 11:51:17 -0000 Received: from unknown (24.144.77.243) by smtpauth01.prod.mesa1.secureserver.net (64.202.165.181) with ESMTP; 26 Jul 2007 11:51:17 -0000 Message-ID: <46A88AB4.1010808@seclark.us> Date: Thu, 26 Jul 2007 07:51:16 -0400 From: Stephen Clark User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-22smp i686; en-US; m18) Gecko/20010110 Netscape6/6.5 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Doug Barton References: <01e101c7cecb$380e6960$b6db87d4@multiplay.co.uk> <46A78AB3.9090805@FreeBSD.org> In-Reply-To: <46A78AB3.9090805@FreeBSD.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: stable@FreeBSD.org, Steven Hartland Subject: Re: bind exploit, patch expected? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Stephen.Clark@seclark.us List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2007 12:17:58 -0000 Doug Barton wrote: >Steven Hartland wrote: > > >>I assume the security team are already working on this but >>cant hurt to ask: >> >> > >Before you ask questions on a public list it's generally considered >polite to do a little checking yourself, especially in an open source >project. As Mike pointed out, the secteam had already addressed this >issue on -security, and I had already followed up in detail regarding >the upgrade plans. > >In addition, at the time you posted the updates had all been done in >the ports, HEAD (-current), and RELENG_[56] (5 and 6-stable). > >In any case, it's good that you're on top of your security >announcements, and I'm glad to say that this time anyway we're one >step ahead. :) > >Doug > > > Interesting - I just checked the FreeBSD.org security page and don't see any indication of a patch to fix the vulnerability for 6.1. Steve -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)