From owner-freebsd-stable@FreeBSD.ORG  Thu Jul 26 16:15:51 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3A61416A418
	for <stable@FreeBSD.org>; Thu, 26 Jul 2007 16:15:51 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5])
	by mx1.freebsd.org (Postfix) with SMTP id CE18A13C4A5
	for <stable@FreeBSD.org>; Thu, 26 Jul 2007 16:15:50 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: (qmail 24030 invoked by uid 399); 26 Jul 2007 16:15:47 -0000
Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1)
	by localhost with ESMTP; 26 Jul 2007 16:15:47 -0000
X-Originating-IP: 127.0.0.1
Message-ID: <46A8C8B2.7060406@FreeBSD.org>
Date: Thu, 26 Jul 2007 09:15:46 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://www.FreeBSD.org/
User-Agent: Thunderbird 2.0.0.5 (X11/20070723)
MIME-Version: 1.0
To: Stephen.Clark@seclark.us
References: <01e101c7cecb$380e6960$b6db87d4@multiplay.co.uk>
	<46A78AB3.9090805@FreeBSD.org> <46A88AB4.1010808@seclark.us>
In-Reply-To: <46A88AB4.1010808@seclark.us>
X-Enigmail-Version: 0.95.1
OpenPGP: id=D5B2F0FB
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: stable@FreeBSD.org, Steven Hartland <killing@multiplay.co.uk>
Subject: Re: bind exploit, patch expected?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2007 16:15:51 -0000

Stephen Clark wrote:

> Interesting - I just checked the FreeBSD.org security page and don't see
> any indication of a patch to fix the vulnerability for 6.1.

While I can't speak for the secteam I do know that they are working on
the usual round of advisories, patches, updates to security branches,
etc.

Meanwhile, my personal best advice for you is to upgrade to 6-stable
rather than worry about patching 6.1. If you're not interested in
that, then as I've said about half a dozen times now, you can use the
ports, and you can even choose the option to replace the base BIND if
that makes it easier for you.

Finally you could of course derive the patch yourself by simply
downloading the two tarballs and diffing them. When you have a diff,
remove everything in the w32 and test directories and you're all set.


hope this helps,

Doug

-- 

    This .signature sanitized for your protection