On 07/05/2011 10:25 PM, Genes MailLists wrote: > http://koji.fedoraproject.org/koji/buildinfo?buildID=251722 > > I -think- this has the fix based on the links you gave - at least it > appears that P4 fixes this/these - but there are no comments for the > build that explicitly say that CVE-2011-246[45] are fixed?
No, don't see anything in the ChangeLog.. > And the tracking bz is open ... The BZ wouldn't close normally until the packages are actually released. > Still a bit confused whats fixed and whats not ... do I go upstream > now to see if these are fixed by the P4 build? Usually the ChangeLog lines for the bind package include a CVE number so I wouldn't generally want to assume that it did but the upstream advisories for both CVEs specifically mention 9.8.0-P4 as containing the fix: http://www.isc.org/software/bind/advisories/cve-2011-2464 http://www.isc.org/software/bind/advisories/cve-2011-2465 Regards, Bryn. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
