Bug#695192: bind9: CVE-2012-5688
On Thu, Dec 13, 2012 at 03:38:31PM +1300, Matthew Grant wrote: Why does the Wheezy release team have its nose so stuck up about a minor upstream version number? 9.8.4-P1 IS ISC's official bug fixed release of the 9.8.x source tree , INCLUDING 9.8.1* Don't drive the security maintainers into loops about unsupported code in an upcoming stable release! Sheesh, some time dogged adherence to policy is NOT achieving our main end results. And then we're talking about a version that does this over the version in testing: 2248 files changed, 71094 insertions(+), 36757 deletions(-) And about software whose bug tracking system and VCS are both proprietary. So one cannot even sanely review it as the context information from the RT tickets is not publically available. Also I don't think your mail is helpful in any way. Kind regards Philipp Kern -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695192: bind9: CVE-2012-5688
On Wed, Dec 05, 2012 at 05:25:36AM -0700, LaMont Jones wrote: On Wed, Dec 05, 2012 at 09:31:00AM +0100, Moritz Muehlenhoff wrote: Package: bind9 Severity: grave Tags: security Justification: user security hole Please see https://kb.isc.org/article/AA-00828 Stable is not affected. This needs to be fixed through testing-proposed-updates, since the testing and unstable packages have diverged and won't be updated that late in the freeze. I've been holding unstable at 9.8 in the hope that it might make it into testing. ISC has quit supporting 9.8.1, I'd like to as well. I'll look into the backport soon, if the security team doesn't beat me to it. LaMont, can you upload a version targeted at testing-proposed-updates based on 1:9.8.1.dfsg.P1-4.4 ? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695192: bind9: CVE-2012-5688
Why does the Wheezy release team have its nose so stuck up about a minor upstream version number? 9.8.4-P1 IS ISC's official bug fixed release of the 9.8.x source tree , INCLUDING 9.8.1* Don't drive the security maintainers into loops about unsupported code in an upcoming stable release! Sheesh, some time dogged adherence to policy is NOT achieving our main end results. Cheers, Matthew Grant On Thu, Dec 13, 2012 at 6:52 AM, Moritz Muehlenhoff j...@inutil.org wrote: On Wed, Dec 05, 2012 at 05:25:36AM -0700, LaMont Jones wrote: On Wed, Dec 05, 2012 at 09:31:00AM +0100, Moritz Muehlenhoff wrote: Package: bind9 Severity: grave Tags: security Justification: user security hole Please see https://kb.isc.org/article/AA-00828 Stable is not affected. This needs to be fixed through testing-proposed-updates, since the testing and unstable packages have diverged and won't be updated that late in the freeze. I've been holding unstable at 9.8 in the hope that it might make it into testing. ISC has quit supporting 9.8.1, I'd like to as well. I'll look into the backport soon, if the security team doesn't beat me to it. LaMont, can you upload a version targeted at testing-proposed-updates based on 1:9.8.1.dfsg.P1-4.4 ? Cheers, Moritz
Bug#695192: bind9: CVE-2012-5688
Package: bind9 Severity: grave Tags: security Justification: user security hole Please see https://kb.isc.org/article/AA-00828 Stable is not affected. This needs to be fixed through testing-proposed-updates, since the testing and unstable packages have diverged and won't be updated that late in the freeze. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695192: bind9: CVE-2012-5688
On Wed, Dec 05, 2012 at 09:31:00AM +0100, Moritz Muehlenhoff wrote: Package: bind9 Severity: grave Tags: security Justification: user security hole Please see https://kb.isc.org/article/AA-00828 Stable is not affected. This needs to be fixed through testing-proposed-updates, since the testing and unstable packages have diverged and won't be updated that late in the freeze. I've been holding unstable at 9.8 in the hope that it might make it into testing. ISC has quit supporting 9.8.1, I'd like to as well. I'll look into the backport soon, if the security team doesn't beat me to it. lamont -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
