Vulnerability CVE-2019-6469 cannot affect public open-source BIND, only BIND 9 Supported Preview Edition

Michael McNally mcnally at isc.org
Thu May 30 03:48:35 UTC 2019


Today ISC is disclosing a vulnerability which affects ONLY
releases of BIND in BIND Supported Preview Edition, a private
feature preview branch which is provided by ISC to our support
customers.

The vulnerability, which is designated CVE-2019-6469
("BIND Supported Preview Edition can exit with an assertion
failure if ECS is in use") can only be encountered in
the Supported Preview Edition; it cannot occur in the
public open-source branches of BIND.

However, we are issuing this announcement for two reasons:

 1)  We believe that public disclosure of vulnerabilities
     is an important security practice and it is required
     by our ISC Software Defect and Security Vulnerability
     Disclosure Policy (if you are interested, you can read
     the policy here:  https://kb.isc.org/docs/aa-00861)

 2)  We do not want users of our public open-source products
     to learn about this vulnerability elsewhere and potentially
     be confused about whether the defect can affect them.
     [It cannot.]

Those who wish to learn more about the vulnerability, whether
they are affected or not, can read the security advisory for
CVE-2019-6469 in the ISC Knowledge Base:

  https://kb.isc.org/docs/cve-2019-6469

Sincerely,

Michael McNally
ISC Support

