Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
On Mon, 1 Jul 2002 13:02:34 +0100
Sam Vilain <firstname.lastname@example.org> wrote:
> "J.H.M. Dassen (Ray)" <email@example.com> wrote:
> > > Does anyone know if this affects Debian?
> > This has been fixed; see http://bugs.debian.org/151342 for details.
> Excellent. To summarise that bug report for the benefit of those
> interested, if you are running any of the following packages:
> bind9 bind9-host libbind-dev libdns5 libisc4
> liblwres1 libisccc0 ibisccfg0 dnsutils lwresd
> They should be version 9.2.1-3 or higher, which were uploaded to unstable
> approximately 6 hours ago (Mon, 1 Jul 2002 00:16:31 -0600).
> bind 8 is also vulnerable (see http://bugs.debian.org/151247)
> If you are running any of the the following packages:
> bind bind-dev
> Then you need version 8.3.3-1 or higher, which were uploaded to unstable
> approximately 12 hours ago (Sun, 30 Jun 2002 21:48:10 -0600).
> The fixed packages do not appear to be available yet on
With bind: 9_9.2.1-3.diff.gz, bind9_9.2.1-3.dsc from incoming.debian.org and the bind*.tar from pool dpkg-source and dpkg-buildpackage built me the packages today for i386.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com