> On the ISC website I don't see that the 9.4-ESV-R4-P1 is affected by
> CVE-2011-2464. Is it because it's not really affected? Or it's affected
> but I don't see it on "versions affected" because the 9.4-ESV-R4-P1 has
> its EOL date to Jun 2011.

To be very precise with my language: It is not *exposed*.

The issue has two layers. First, there's an underlying bug that's been dormant in our code for a very long time, but there was no way to trigger it... and, second, there's the trigger. Actually, there are two separate triggers: one was introduced in 9.6 and another in 9.7. Neither of them is in any version of 9.4.

So, we *will* be releasing 9.4-ESV-R5 soon, and it contains a fix for the underlying bug. But we didn't release a patch today because there's no trigger.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.