Pre-announcement of five BIND security issues scheduled for disclosure 20 August 2020
ISC Security Officer
security-officer at isc.org
Mon Aug 17 22:34:44 UTC 2020
Back in May we began experimenting with a new policy of pre-notification
concerning upcoming security releases. At that time we wrote:
"After observing the use of this practice by some other open-source projects,
we here at ISC have decided to amend our security policy to allow, at our
discretion, limited pre-announcement of pending security vulnerability
disclosures."
Our first pre-notification experiment was well-received and we have decided
to continue the practice. We therefore are writing to inform you that the
August BIND maintenance releases that will be released on Thursday, 20 August,
contain patches for five separate vulnerabilities.
Further details about the vulnerabilities will be publicly disclosed
at the time the releases are published on Thursday. It is our hope that
this pre-announcement will aid BIND operators in planning to respond to
that disclosure when it occurs.
Michael McNally
ISC Security Officer
P.S.: if you have feedback or questions concerning this policy,
kindly direct them to security-officer at isc.org
More information about the bind-announce
mailing list