tech-security: bind-9.2.1 in pkg-vulnerabilities

Subject: bind-9.2.1 in pkg-vulnerabilities
To: None <tech-security@netbsd.org>
From: Chris Jones <chris@cjones.org>
List: tech-security
Date: 09/03/2002 16:52:59

For a few days now, I've been receiving warnings claiming that 
bind-9.2.1 is vulnerable to an attack described at 
<http://www.cert.org/advisories/CA-2002-15.html>.  But the advisory at 
that location rather clearly states that bind-9.2.1 is the first 
*non*-vulnerable version.  Is the pkg-vulnerabilities file wrong, or is 
the advisory?

 From the commit message, it would appear that the vulnerabilities file 
is wrong.

Chris

-- 
------------------------------------------------- chris@cjones.org
Chris Jones                                       Mad scientist at large
   www.netbsd.org www.postgresql.org www.schemers.org www.python.org