[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#690569: Bug#690142: remote named DoS on recursor (CVE-2012-5166) and Bug#690569 (DNS wildcards fail to resolve with DNSSEC enabled)

On Wed, Oct 17, 2012 at 10:22 PM, Matthew Grant wrote:
> On Wed, Oct 17, 2012 at 1:57 PM, Michael Gilbert
>> No.  We're in the freeze now.  Fixes need to be backported.
>
>
> If backporting a fix is not possible with the certainty of no introduced
> bugs,  we have no choice.
>
> Debian Bind9 cannot ship with a basic DNS protocol handling error. As it
> stands it is severely broken in the resolver.  DNSSEC on the Internet is now
> a must.

Do a diff (on the 9.8 tarballs), and try to isolate the code fixing
this problem.  You seem to have a lot of interest in this, so try to
spend some time looking at it.

> My case is put.  Could the security team please help to determine what to
> do.

If you want to bump the upstream version, that is the release team's
call.  You should ask them.

Best wishes,
Mike
Reply to: