
Bug#602839: unblock: bind9/1:9.7.2.dfsg.P2-1



On Sat, Nov 20, 2010 at 06:11:40PM +0100, Julien Cristau wrote:
> On Mon, Nov  8, 2010 at 19:50:19 +0000, Adam D. Barratt wrote:
> 
> > On Mon, 2010-11-08 at 18:52 +0100, Moritz Muehlenhoff wrote:
> > > Please unblock package bind9. It fixes CVE-2010-3752.
> > 
> > 2010-37*6*2 :-)
> > 
> > > Any questions why a new upstream version was uploaded need to be
> > > directed to Lamont :-)
> > 
> > Not just a new upstream, but one including SONAME changes (thankfully
> > not in any of the libraries that have reverse dependencies) and reverts
> > a switch to "3.0 (quilt)" producing stuff like
> > 
> > bind9-9.7.2.dfsg.P2/debian/patches/debian-changes-1:9.7.1.dfsg.P2-2 |83440 ----------
> > 
> > That's going to be "interesting" to review...
> > 
> Lamont, would it be possible to prepare an upload fixing just the
> security bug for squeeze (so based on 1:9.7.1.dfsg.P2-2)?

I looked into it a bit, but couldn't pinpoint the exact changes for 
CVE-2010-3752 (not with a certainty to not mess up DNSSEC).
I'll give it another go in the next few days.

OTOH, 9.7.2 has been in unstable for three weeks w/o any reports of regressions,
so it might not be the worst choice to unblock it. We've had way scarier
Bind changes to cope with DNSSEC even inside stable, see DSA-2054.

[ There also have been soname changes in stable security fixes in the
past, they're all internal to Bind, though. ]

Cheers,
        Moritz


