Typo in BIND 8.2.5 release notice?
Michael H. Warfield
mhw at wittsend.com
Tue Oct 2 18:00:11 UTC 2001
On Tue, Oct 02, 2001 at 11:54:25AM -0400, Harold Pritchett wrote:
> > Subject: BIND 8.2.5 public release
> > Date: Tue, 02 Oct 2001 11:08:54 +1000
> > From: Mark_Andrews at isc.org
> > To: bind-announce at isc.org
> > BIND 8.2.5 is a maintainance release of BIND 8.2, containing
> > minimal changes from 8.2.4.
> > The following versions are being released concurrently:
> > BIND 8.3.0-T2A, which is a alpha release of BIND 8.3.0.
> > BIND 9.2.0rc5, which is a release candidate for BIND 9.2.0.
> > See the seperate release notices for details. Also available is:
> > BIND 9.1.3, which is the latest maintenance release for for BIND 9.1.
> > The recommended versions to use are BIND 9.2.0rc5 and BIND 9.1.3. If
> > for whatever reason you must run BIND 8, use nothing earlier than
> > 8.2.5-REL. Do not under any circumstances run BIND 4.
> I am assuming that the above sentence should read:
> "use nothing earlier than 8.2.4-REL."
> I can find nothing in the documentation which says that 8.2.5 fixes
> any security bugs not fixed by 8.2.4-REL, and 8.2.4-REL did fix
> several security problems from all earlier versions of 8.2.4.
Actually, it looks like it does fix one minor security bug
and that's the permissions on the generated TSIG keys. Not an
earth shattering bug, but I had published an advisory on it. It was
not fixed in 8.2.4 (I confirmed that before the advisory went out)
but just checked and it's fixed in 8.2.5. Guess they didn't figure
it was serious enough for and entry in the docs, though it was listed
in the docs for 8.3 and 9.x.
> Harold Pritchett
> The University of Georgia Computer Incident Response Team
> harold at uga.edu +1.706.542.5110
> pgp public key: http://www.arches.uga.edu/~harold/pgpkey.html
> "They that can give up essential liberty to obtain a little
> temporary safety deserve neither liberty nor safety."
> Benjamin Franklin, Historical Review of Pennsylvania, 1759.
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
More information about the bind-users