On 1/29/07, Lubomir Kundrak <lkundrak(a)redhat.com> wrote:
Hi Stephen,
On Fri, 2007-01-26 at 18:20 -0700, Stephen John Smoogen wrote:
> --- 9.3.4 released ---
>
> 2126. [security] Serialise validation of type ANY responses. [RT #16555]
>
> 2124. [security] It was possible to dereference a freed fetch
> context. [RT #16584]
There is a bug open in bugzilla for this update. See #224443 [1].
Unfortunately, there is too little information to find out why update
2126 is a security issue, and why ISC did not issue an advisory for it.
*Sigh* ISC is not good at providing usable information.
Yeah.. the story I have heard multiple times is, people pay ISC for
support then get better answers on the newsgroups from ISC people.
There was some discussion on ISC this weekend about it with CVE
numbers which probably tell even less :).
http://isc.sans.org/diary.html?storyid=2129
[1]
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224443
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"