updated bind for: CVE-2011-2464 / CVE-2011-2465
Bryn M. Reeves
bmr at redhat.com
Tue Jul 5 21:38:02 UTC 2011
On 07/05/2011 10:25 PM, Genes MailLists wrote:
> http://koji.fedoraproject.org/koji/buildinfo?buildID=251722
>
> I -think- this has the fix based on the links you gave - at least it
> appears that P4 fixes this/these - but there are no comments for the
> build that explicitly say that CVE-2011-246[45] are fixed?
No, don't see anything in the ChangeLog..
> And the tracking bz is open ...
The BZ wouldn't close normally until the packages are actually released.
> Still a bit confused whats fixed and whats not ... do I go upstream
> now to see if these are fixed by the P4 build?
Usually the ChangeLog lines for the bind package include a CVE number so I
wouldn't generally want to assume that it did but the upstream advisories for
both CVEs specifically mention 9.8.0-P4 as containing the fix:
http://www.isc.org/software/bind/advisories/cve-2011-2464
http://www.isc.org/software/bind/advisories/cve-2011-2465
Regards,
Bryn.
More information about the users
mailing list