On 07/06/11 16:21, Borgia, Joe A CTR USAF AFMC AFRL/RIOS wrote: > BIND 9.6.1-P3 seems to be a somewhat old release of BIND, and yet, I can > find no vulnerabilities listed on the ISC Security Advisories pages. Am > I missing something?
Yes. :-( https://www.isc.org/software/bind/security/matrix CVE-2010-3614 - Key algorithm rollover bug in BIND 9 CVE-2010-3613 - cache incorrectly allows an ncache entry and an RRSIG for the same type https://www.isc.org/software/bind/advisories/cve-2010-3614 https://www.isc.org/software/bind/advisories/cve-2010-3613 If you did a website search for 9.6.1-P3, you wouldn't have found these two because the "Versions affected:" lists a range. We're trying to list all versions explicitly in newer advisories to make things a bit clearer - but if a problem affects all BIND9 versions, that makes it a bit challenging! We're also pondering on how to make the matrix more readable/useful without losing the detail that we think people want/need - possibly by splitting it into several (e.g. 9.8 versions, 9.7 versions and so on). Hope this helps anyway. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
