pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/bind95



Module Name:    pkgsrc
Committed By:   spz
Date:           Thu Jan 21 19:42:16 UTC 2010

Modified Files:
        pkgsrc/net/bind95: Makefile distinfo

Log Message:
security update:
BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.5.2-P1:

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/bind95/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Home | Main Index | Thread Index | Old Index