[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

bind9/wheezy-backports: missing security updates?



Hi,

I noticed wheezy-backports has bind9 version 1:9.9.5.dfsg-4~bpo70+1, but
there are security updates included in a later version:

+---
| bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium
|
|   * Fix CVE-2014-8500: limit recursion in order to avoid memory consuption
|     issues that can lead to denial-of-service (closes: #772610).
|
|  -- Michael Gilbert <mgilbert@debian.org>  Sun, 14 Dec 2014 05:05:48 +0000
+---

Without looking further at this I would expect the version currently in
backports to be vulnerable.

Ansgar


Reply to: