Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote:
> testing currently has bind9 version 1:9.9.5.dfsg-5
>
> Upstream released 9.9.6 fixing some bugs with an impact on compatibility
> and at least one appears to be security related
> "Corrected bugs in the handling of wildcard records by the DNSSEC
> validator: invalid wildcard expansions could be treated as valid if
> signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD
> bit set incorrectly in responses. [RT #37093] [RT #37072]"
Generally speaking, I have found the fix-level updates to bind to be very
safe and sane, although sometimes they are somewhat large. I have not
looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to
see them do anything in a fix-release than, well, fix things.
I would recommend 9.9.6 for the upstream fixes. If that's good, I
should be able to upload it tonight.
lamont
Reply to: