Back in May we began experimenting with a new policy of pre-notification concerning upcoming security releases. At that time we wrote:
"After observing the use of this practice by some other open-source projects, we here at ISC have decided to amend our security policy to allow, at our discretion, limited pre-announcement of pending security vulnerability disclosures." Our first pre-notification experiment was well-received and we have decided to continue the practice. We therefore are writing to inform you that the August BIND maintenance releases that will be released on Thursday, 20 August, contain patches for five separate vulnerabilities. Further details about the vulnerabilities will be publicly disclosed at the time the releases are published on Thursday. It is our hope that this pre-announcement will aid BIND operators in planning to respond to that disclosure when it occurs. Michael McNally ISC Security Officer P.S.: if you have feedback or questions concerning this policy, kindly direct them to security-offi...@isc.org _______________________________________________ bind-announce mailing list bind-announce@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-announce