Re: Bug#690569: Bug#690142: remote named DoS on recursor (CVE-2012-5166) and Bug#690569 (DNS wildcards fail to resolve with DNSSEC enabled)
On Wed, Oct 17, 2012 at 10:22 PM, Matthew Grant wrote:
> On Wed, Oct 17, 2012 at 1:57 PM, Michael Gilbert
>> No. We're in the freeze now. Fixes need to be backported.
> If backporting a fix is not possible with the certainty of no introduced
> bugs, we have no choice.
> Debian Bind9 cannot ship with a basic DNS protocol handling error. As it
> stands it is severely broken in the resolver. DNSSEC on the Internet is now
> a must.
Do a diff (on the 9.8 tarballs), and try to isolate the code fixing
this problem. You seem to have a lot of interest in this, so try to
spend some time looking at it.
> My case is put. Could the security team please help to determine what to
If you want to bump the upstream version, that is the release team's
call. You should ask them.