On Jun 10 2011, Mark Andrews wrote:
In message <201106100709.qaa04...@osspc4.sra.co.jp>, YABUKI Youichi writes:
The BIND security advisory for CVE-2011-1910 does not mention
about versions 9.7.0, 9.7.0-P1 and 9.7.0-P2.
Does the CVE-2011-1910 vulnerability affect these versions?
No, they are not affected.
Then the advice I got from someone else at ISC, that if
if (r.length < 2)
return (ISC_R_NOSPACE);
occurs c. line 188 in lib/dns/ncache.c (as opposed to "r.length < 3"),
then the version is vulnerable, was not complete? Because the 9.7.0*
versions certainly have that code.
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
