Hi, On Sat, May 20, 2017 at 04:57:52PM +0200, Thorsten Alteholz wrote: > Hi everybody, > > I uploaded version 9.8.4.dfsg.P1-6+nmu2+deb7u16 of bind9 to: > > https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/ > > Please give it a try and tell me about any problems you met.
I've tested the package on a nameserver authoritive for some zones also using dnssec and on a caching configuration using IPv4 and IPv6 with no ill effects so far. Cheers, -- Guido > > Thanks! > Thorsten > > > > * Dns64 with "break-dnssec yes;" can result in a assertion failure. > (CVE-2017-3136) > * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190. > If not cherry-picking this change the fix for CVE-2017-3137 can cause an > assertion failure to appear in name.c. > * Some chaining (CNAME or DNAME) responses to upstream queries could trigger > assertion failures (CVE-2017-3137) > * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries > could trigger assertion failures. (CVE-2017-3137) > * Fix regression introduced when handling CNAME to referral below the > current domain > * 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138) > > >
