dns/bind911 and 2019Q4 branch
Kubilay Kocak
koobs at FreeBSD.org
Sun Oct 20 10:07:52 UTC 2019
On 20/10/2019 8:50 pm, Andrea Venturoli wrote:
> On 2019-10-20 11:26, Mathieu Arnold wrote:
>
>> The ISC was very clear in that this update[1] is not a security related
>> release, so I have absolutely no plan to merge it.
>>
>> 1: https://lists.isc.org/pipermail/bind-announce/2019-October/001139.html
>>
>
> Sorry, I had already opened the bug as Kubilay suggested; fell free to
> close it, then.
>
>
>
> I'm confused though, since the link you posted says:
>> To clarify, BIND 9.11.12 is not a security release, but BIND 9.14.7 and
>> 9.15.5 are.
>>
>> The two CVEs disclosed today affect only BIND 9.14 and 9.15; the BIND
>> 9.11 branch is not vulnerable.
>
> But on the release notes for 9.14 there are *3* CVEs and one
> (CVE-2019-6471) is also listed in the release notes for 9.11.
>
> ???
>
> bye & Thanks
> av.
All done (issue closed).
Thank you for raising the question and asking though Andrea, many
security updates are in fact missed, and don't end up in quarterly branches.
Users can help us by identify things that slip through the cracks and
reporting those issues, and requesting merges where they are necessary
More information about the freebsd-ports
mailing list