[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9: CVE-2018-5743



On Thu, 09 May 2019, Markus Wollny wrote:
> Is there an ETA on the fix for this bind9 vulnerability to be
> available for Debian Stretch yet?

It is already available.

> https://security-tracker.debian.org/tracker/CVE-2018-5743 says that
> the stable branch is still vulnerable (fixed in buster/sid only), even
> though the Debian bug report
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927932 is already
> marked as closed.

Currently, it lists the issue as fixed in the *security* update archive
for stable (stretch-security).   This means the fix has been released to
stable (the current stable is "stretch").

You get timely security updates through the <stable>-security archive.

Packages move from <stable>-security to stable only on stable point
releases, which happen every 3-5 months, so that we can generate a new
set of install-from-CD/DVD/FLASH images that have up-to-date packages
and drain the -security archive, which is not as extensively mirrored as
the other archives.

Note that the installer will update all packages during the install
process and has the security archives enabled by default.

-- 
  Henrique Holschuh


Reply to: