Question about the Two Recent Security Bulletins

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Jan 26 14:46:19 UTC 2007


-----
>
>                Internet Systems Consortium Security Advisory.
>		   BIND 9: dereferencing freed fetch context
>                             12 January 2007
>
>Versions affected:
>
>	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
>       BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
>	     9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1 
>	BIND 9.5.0a1 (Bind Forum only)
-----
>                Internet Systems Consortium Security Advisory.
>			BIND 9: DNSSEC Validation
>                             10 January 2007
>
>Versions affected:
>
>	BIND 9.0.x (all versions of BIND 9.0)	(at end-of-life)
>	BIND 9.1.x (all versions of BIND 9.1)	(at end-of-life)
>	BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7
>	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
>       BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
>	     9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1 
>	BIND 9.5.0a1 (Bind Forum only)
-----
Since BIND 9.3.2-P1 and 9.3.2-P2 were official releases, should they
have been listed as vulnerable?   Or was that implied?
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list