Is there an update for bind coming to F15/6 to address
CVE-2011-2464 / CVE-2011-2465
I didn't find one in koji ..
Thanks ...
gene
On Tue, Jul 5, 2011 at 7:42 PM, Genes MailLists lists@sapience.com wrote:
> Is there an update for bind coming to F15/6 to address
> CVE-2011-2464 / CVE-2011-2465
> I didn't find one in koji ..
Looks like bind-9.8.0-7.P4.fc16 is currently building but that is affected too?
On 07/05/2011 07:42 PM, Genes MailLists wrote:
> Is there an update for bind coming to F15/6 to address
> CVE-2011-2464 / CVE-2011-2465
You can use the CVE numbers as a bugzilla alias to access these bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2464
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2465
These bugs depend on the bugs for specific releases - the f15 and rawhide tracking bugs are here:
https://bugzilla.redhat.com/show_bug.cgi?id=719041 [f15]
https://bugzilla.redhat.com/show_bug.cgi?id=719043 [rawhide]
There's a link to a bodhi update submission in the f15 one.
There's a bit more information about how Fedora uses bugzilla for security-relevant bugs in the wiki here:
http://fedoraproject.org/wiki/Security
And you can also contact the Fedora security response team using the fedora-security-list mailing list or for private requests, the security@ alias:
http://fedoraproject.org/wiki/Security/ResponseTeam#Contacting
Regards, Bryn.
On 07/05/2011 04:28 PM, Bryn M. Reeves wrote:
> On 07/05/2011 07:42 PM, Genes MailLists wrote:
> ...
> You can use the CVE numbers as a bugzilla alias to access these bugs:
Thanks for the tips - very useful - I did look at these - and I also looked in koji and ended here:
http://koji.fedoraproject.org/koji/buildinfo?buildID=251722
I -think- this has the fix based on the links you gave - at least it appears that P4 fixes this/these - but there are no comments for the build that explicitly say that CVE-2011-246[45] are fixed?
And the tracking bz is open ...
Still a bit confused what's fixed and what's not ... do I go upstream now to see if these are fixed by the P4 build?
Thanks!
On 07/05/2011 10:25 PM, Genes MailLists wrote:
> http://koji.fedoraproject.org/koji/buildinfo?buildID=251722
> I -think- this has the fix based on the links you gave - at least it appears that P4 fixes this/these - but there are no comments for the build that explicitly say that CVE-2011-246[45] are fixed?
No, don't see anything in the ChangeLog..
> And the tracking bz is open ...
The BZ wouldn't close normally until the packages are actually released.
> Still a bit confused what's fixed and what's not ... do I go upstream now to see if these are fixed by the P4 build?
Usually the ChangeLog lines for the bind package include a CVE number so I wouldn't generally want to assume that it did but the upstream advisories for both CVEs specifically mention 9.8.0-P4 as containing the fix:
http://www.isc.org/software/bind/advisories/cve-2011-2464
http://www.isc.org/software/bind/advisories/cve-2011-2465
Regards, Bryn.
On 07/05/2011 05:38 PM, Bryn M. Reeves wrote: ...
> Usually the ChangeLog lines for the bind package include a CVE number so I wouldn't generally want to assume that it did but the upstream advisories for both CVEs specifically mention 9.8.0-P4 as containing the fix:
> http://www.isc.org/software/bind/advisories/cve-2011-2464
> http://www.isc.org/software/bind/advisories/cve-2011-2465
> Regards, Bryn.
Thanks - I recalled too that the CVEs usually ended up in the changelog ... it's all clear now :-)
thank you!