Hi Stephen,
On Pi, 2007-01-26 at 18:20 -0700, Stephen John Smoogen wrote:
--- 9.3.4 released ---
2126. [security] Serialise validation of type ANY responses. [RT #16555]
2124. [security] It was possible to dereference a freed fetch
context. [RT #16584]
There is a bug open in bugzilla for this update. See #224443 [1].
Unfortunately, there is too little information to find out why is update
2126 a security issue, and why did not ISC issue an advisory for it.
*Sigh* ISC is not good at providing with usable informaation.
[1]
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224443
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)