These announcements for BIND 9.4.3-P5, 9.5.1-P2 and 9.6.1-P3 say
BIND 9.x.x-Px is a SECURITY PATCH for BIND 9.x.x. It addresses two potential cache poisoning vulnerabilities, both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid.
But the CHANGES files list *three* security fixes (2827, 2828 & 2831), none of which seem to be superficially the "same" vulnerability. So is the "two" above a mistake? -- Chris Thompson Email: [email protected] _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
