On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: > testing currently has bind9 version 1:9.9.5.dfsg-5 > > Upstream released 9.9.6 fixing some bugs with an impact on compatibility > and at least one appears to be security related > "Corrected bugs in the handling of wildcard records by the DNSSEC > validator: invalid wildcard expansions could be treated as valid if > signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD > bit set incorrectly in responses. [RT #37093] [RT #37072]"
Generally speaking, I have found the fix-level updates to bind to be very safe and sane, although sometimes they are somewhat large. I have not looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to see them do anything in a fix-release than, well, fix things. I would recommend 9.9.6 for the upstream fixes. If that's good, I should be able to upload it tonight. lamont -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141117181932.ga32...@mix.mmjgroup.com