[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy-specific bind9 issue

Hi Florian,

On Wed, 28 Sep 2016, Florian Weimer wrote:

While trying to write a reproducer for CVE-2016-2776, I discovered
that the 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 version in wheezy would crash,
while unpatched jessie and upstream would not:


This might be due to an incomplete fix for CVE-2015-5477.  If the
entire fix is missing, you can probably reuse the CVE ID.  If not,
please let us know, and we'll assign a new ID once you have a patch.

according to [1] the fix for CVE-2015-5477 is just one line, which is applied correctly in 9.8.4.dfsg.P1-6+nmu2+deb7u6. Also 9.8.4.dfsg.P1-6+nmu2+deb7u2 crashes as well with your script, so this seems to be a different problem.


[1] https://kb.isc.org/getAttach/118/AA-01272/cve-2015-5477.patch.txt

Reply to: