Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?

To: Daniel Pocock <daniel@pocock.pro>, 769583@bugs.debian.org
Subject: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
From: LaMont Jones <lamont@debian.org>
Date: Mon, 17 Nov 2014 11:19:32 -0700
Message-id: <[🔎] 20141117181932.GA32179@mix.mmjgroup.com>
Reply-to: LaMont Jones <lamont@debian.org>, 769583@bugs.debian.org
In-reply-to: <[🔎] 546649B2.9030101@pocock.pro>
References: <[🔎] 546649B2.9030101@pocock.pro>

On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote:
> testing currently has bind9 version 1:9.9.5.dfsg-5
> 
> Upstream released 9.9.6 fixing some bugs with an impact on compatibility
> and at least one appears to be security related
> "Corrected bugs in the handling of wildcard records by the DNSSEC
> validator: invalid wildcard expansions could be treated as valid if
> signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD
> bit set incorrectly in responses. [RT #37093] [RT #37072]"

Generally speaking, I have found the fix-level updates to bind to be very
safe and sane, although sometimes they are somewhat large.  I have not
looked at 9.9.6 yet, but I expect it's in the same vein.  It is rare to
see them do anything in a fix-release than, well, fix things.

I would recommend 9.9.6 for the upstream fixes.  If that's good, I
should be able to upload it tonight.

lamont

Reply to:

Follow-Ups:
- Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
  - From: Niels Thykier <niels@thykier.net>

References:
- Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
  - From: Daniel Pocock <daniel@pocock.pro>

Prev by Date: Bug#767945: unblock: nvidia-graphics-drivers/340.46-4
Next by Date: Bug#769709: pre-approval: perl/5.20.1-3
Previous by thread: Processed: Re: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Next by thread: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Index(es):
- Date
- Thread