Re: bind9: CVE-2018-5743

To: debian-security@lists.debian.org
Subject: Re: bind9: CVE-2018-5743
From: "Shaun Bugler - Hetzner (Pty) Ltd" <sb@hetzner.co.za>
Date: Thu, 23 May 2019 08:49:42 +0200
Message-id: <[🔎] 9dbd4fc6-40db-0841-b96e-316d0690c7ba@hetzner.co.za>
In-reply-to: <[🔎] CAObvaLkoqTVG5OdsArR94kmM2zg88r6LpVeMysj_euWYugH8ng@mail.gmail.com>
References: <[🔎] CAObvaLkoqTVG5OdsArR94kmM2zg88r6LpVeMysj_euWYugH8ng@mail.gmail.com>

On 09-May-19 09:33 AM, Markus Wollny wrote:

Hello,

Is there an ETA on the fix for this bind9 vulnerability to be
available for Debian Stretch yet?

I see LTS (jessie) is still marked as vulnerable, the DLA needed doc indicates a test package was ready on 12 May, are there issues around it's release?


https://security-tracker.debian.org/tracker/CVE-2018-5743 says that
the stable branch is still vulnerable (fixed in buster/sid only), even
though the Debian bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927932 is already
marked as closed.

I admit I am not all too familiar with usual Debian security
procedures in such cases, but as the bug is rated with a severity
rating of grave and it's now two weeks since the public disclosure, I
am starting to feel a little worried.

Kind regards

  Markus

--
Kind Regards,

Shaun Bugler
System Administrator
Hetzner (Pty) Ltd

SA Contact Centre: 0861 0861 08
International: +27 21 970 2000

Website: hetzner.co.za
Disclaimer: hetzner.co.za/email-disclaimer

Reply to:

Follow-Ups:
- Re: bind9: CVE-2018-5743
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

References:
- bind9: CVE-2018-5743
  - From: Markus Wollny <markus.wollny@gmail.com>

Prev by Date: IBRS security cpu models not available in libvirt0 on debian stretch
Next by Date: Re: cancel
Previous by thread: Re: bind9: CVE-2018-5743
Next by thread: Re: bind9: CVE-2018-5743
Index(es):
- Date
- Thread