CVS commit: [pkgsrc-2009Q4] pkgsrc/net/bind95

[Matthias Scheler <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Thu Jan 21 21:11:20 UTC 2010

Modified Files:
        pkgsrc/net/bind95 [pkgsrc-2009Q4]: Makefile distinfo

Log Message:
Pullup ticket #2965 - requested by spz
bind95: security update

Revisions pulled up:
- net/bind95/Makefile                   1.16 via patch
- net/bind95/distinfo                   1.12
---
Module Name:    pkgsrc
Committed By:   spz
Date:           Thu Jan 21 19:42:16 UTC 2010

Modified Files:
        pkgsrc/net/bind95: Makefile distinfo

Log Message:
security update:
BIND 9.5.2-P2 is a SECURITY PATCH for BIND 9.5.2.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.5.2-P1:

2831.   [security]      Do not attempt to validate or cache
                        out-of-bailiwick data returned with a secure
                        answer; it must be re-fetched from its original
                        source and validated in that context. [RT #20819]

2828.   [security]      Cached CNAME or DNAME RR could be returned to clients
                        without DNSSEC validation. [RT #20737]

2827.   [security]      Bogus NXDOMAIN could be cached as if valid. [RT #20712]


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.14.2.1 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/net/bind95/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.