Hi, > > > Nor will it affect Debian, since I won't be uploading the affected > > > version. > > > > There are _two_ issues, one of which affects sid/squeeze; CVE-2010-3752.
No, CVE-2010-37_6_2 :) As maintainer marked, it's fixed in unstable. Usually, we should pick it up from unstable and make smallest patch for squeeze, however - upstream also released BIND 9.7.2-P3 that has at least 3 security fixes. CVE-2010-3613, CVE-2010-3614 and CVE-2010-3615. So there is a choise - make all cherry-pick patch for squeeze or push BIND 9.7.2-P3 to squeeze. I think pushing new release is better because it can reduce difference with upstream. -- Regards, Hideki Yamane henrich @ debian.or.jp/org http://wiki.debian.org/HidekiYamane -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
