<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi Josef,</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Was it Hi Josef,<br>
Was it "CVE-2020-8622: A truncated TSIG response can lead to an assertion failure" you were thinking of?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<a href="https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5" id="LPlnk">https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5</a><br>
</div>
<div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1">
<div id="LPBorder_GTaHR0cHM6Ly9rYi5pc2Mub3JnL2RvY3MvY3ZlLTIwMjAtODYyMj9oaWdobGlnaHQ9JTIwJTIwQ1ZFOiUyMCUyMCUyMENWRS0yMDIwLTg2MjIlMjAlMjAlMjAlMjBEb2N1bWVudCUyMHZlcnNpb246JTIwJTIwMi4wJTIwJTIwJTIwUG9zdGluZyUyMGRhdGU6JTIwJTIwMjAlMjBBdWd1c3QlMjAyMDIwJTIwJTIwJTIwUHJvZ3JhbSUyMGltcGFjdGVkOiUyMCUyMCUyMEJJTkQlMjAlMjAlMjAlMjBWZXJzaW9ucyUyMGFmZmVjdGVkOiUyMCUyMEJJTkQlMjA5LjAuMCUyMC0mZ3Q7JTIwOS4xMS4yMSwlMjA5LjEyLjAlMjAtJmd0OyUyMDkuMTYuNQ.." class="LPBorder474252" style="width: 100%; margin-top: 16px; margin-bottom: 16px; position: relative; max-width: 800px; min-width: 424px;">
<table id="LPContainer474252" role="presentation" style="padding: 12px 36px 12px 12px; width: 100%; border-width: 1px; border-style: solid; border-color: rgb(200, 200, 200); border-radius: 2px;">
<tbody>
<tr valign="top" style="border-spacing: 0px;">
<td>
<div id="LPImageContainer474252" style="position: relative; margin-right: 12px; height: 134.648px; overflow: hidden; width: 240px;">
<a target="_blank" id="LPImageAnchor474252" href="https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5"><img id="LPThumbnailImageId474252" alt="" height="134" style="display: block;" width="240" src="https://cdn.document360.io/956e37e2-5ec0-4942-8b27-35533899f099/Images/Documentation/ISC-logo-rgb-2048x1149.png"></a></div>
</td>
<td style="width: 100%;">
<div id="LPTitle474252" style="font-size: 21px; font-weight: 300; margin-right: 8px; font-family: wf_segoe-ui_light, "Segoe UI Light", "Segoe WP Light", "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif; margin-bottom: 12px;">
<a target="_blank" id="LPUrlAnchor474252" href="https://kb.isc.org/docs/cve-2020-8622?highlight=%20%20CVE:%20%20%20CVE-2020-8622%20%20%20%20Document%20version:%20%202.0%20%20%20Posting%20date:%20%2020%20August%202020%20%20%20Program%20impacted:%20%20%20BIND%20%20%20%20Versions%20affected:%20%20BIND%209.0.0%20->%209.11.21,%209.12.0%20->%209.16.5" style="text-decoration: none; color: var(--themePrimary);">CVE-2020-8622:
A truncated TSIG response can lead to an assertion failure - Security Advisories</a></div>
<div id="LPMetadata474252" style="font-size: 14px; font-weight: 400; color: rgb(166, 166, 166); font-family: wf_segoe-ui_normal, "Segoe UI", "Segoe WP", Tahoma, Arial, sans-serif;">
kb.isc.org</div>
</td>
</tr>
</tbody>
</table>
<div id="LPCloseButtonContainer474252" class="_2G1t7TsffMpTdsxcutbAaz" tabindex="0" title="Remove link preview" role="button">
<i data-icon-name="Cancel" aria-hidden="true" id="LPCloseButton474252" class="_17cZVF34hdKub7ce2cOnAW root-84"></i></div>
</div>
</div>
<br>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Kind Regards Peter</div>
<div id="Signature">
<div>
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
Sent from <a href="http://aka.ms/weboutlook">Outlook</a></div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> bind-workers <bind-workers-bounces@lists.isc.org> on behalf of Josef Moellers <jmoellers@suse.de><br>
<b>Sent:</b> 10 June 2021 11:43<br>
<b>To:</b> bind-workers@lists.isc.org <bind-workers@lists.isc.org><br>
<b>Subject:</b> ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hi,<br>
<br>
Some time ago, this vulnerability was disclosed, but I cannot find any<br>
trace of the fix for this in the latest CHANGES file.<br>
<br>
As I need to backport the fix to older versions, can anyone describe<br>
where and how this was fixed?<br>
<br>
Thanks and ... stay safe!<br>
<br>
Josef<br>
<br>
-- <br>
SUSE Software Solutions Germany GmbH<br>
Maxfeldstr. 5<br>
90409 Nürnberg<br>
Germany<br>
<br>
(HRB 36809, AG Nürnberg)<br>
Geschäftsführer: Felix Imendörffer<br>
<br>
_______________________________________________<br>
bind-workers mailing list<br>
bind-workers@lists.isc.org<br>
<a href="https://lists.isc.org/mailman/listinfo/bind-workers">https://lists.isc.org/mailman/listinfo/bind-workers</a><br>
</div>
</span></font></div>
</body>
</html>