From owner-freebsd-security@FreeBSD.ORG Wed Jul 9 16:12:59 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BDAC5106567E for ; Wed, 9 Jul 2008 16:12:59 +0000 (UTC) (envelope-from peter.thoenen@yahoo.com) Received: from smtp107.prem.mail.ac4.yahoo.com (smtp107.prem.mail.ac4.yahoo.com [76.13.13.46]) by mx1.freebsd.org (Postfix) with SMTP id 4F5058FC1A for ; Wed, 9 Jul 2008 16:12:58 +0000 (UTC) (envelope-from peter.thoenen@yahoo.com) Received: (qmail 34093 invoked from network); 9 Jul 2008 15:46:18 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=JSZf/V0QvktxpCPsp7gDcqHFj6KKlB2m1oop3dqlUUMUIyKYQ83y0qpZRC1XSYpnnekP+VYQyH6kv1MHtGRXcnDbEWBrXU58WcKVPhpUrWcUR2kKIlxWq7HQS/16+J5BBHN69vukGorYtqnP6UpGJGk6gxP+r4gpDaW78C67W+M= ; Received: from unknown (HELO ?76.243.186.14?) (eol1@76.243.186.14 with plain) by smtp107.prem.mail.ac4.yahoo.com with SMTP; 9 Jul 2008 15:46:17 -0000 X-YMail-OSG: YhIdRuIVM1mclWBdcaPJ3UR3iiw3sJC62v25UNpVpuFsCAIwOVh7W3mSlImzUb_cxL2F.ovATI2.lFUC4QPrIGGxo6HDy0o30nWG X-Yahoo-Newman-Property: ymail-3 Message-ID: <4874DD4B.5020608@yahoo.com> Date: Wed, 09 Jul 2008 11:46:19 -0400 From: Peter Thoenen User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: remko@elvandar.org References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> In-Reply-To: <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Wed, 09 Jul 2008 16:15:50 +0000 Cc: freebsd-security@freebsd.org, astorms@ncircle.com, Josh Mason Subject: Re: BIND update? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2008 16:12:59 -0000 >> Right, lets not act swiftly. That would be too much to ask. Is there any >> reason why FreeBSD is one of the last vendors to release patches for the >> vulnerability? Actually IIRC all the press releases from the *alliance* stated 30 days and as this is a fundamental flaw that has known for the past 6 months and doesn't provide any sort of elevated privileges (or effect those smart enough to run DNSSEC like you should be IIRC) its really not a CRITICAL patch .. its more of a when you get around to it seriously. Let the Security Team do their job and quit pestering them on your now now now next day patch wants for a trivial issue.