Control: severity -1 important
Control: tags -1 + wontfix
Control: tags -1 - patch

Hi Dominik,

> I discovered the following security bug in bind9 a few weeks ago, and
> responsibly disclosed it to the ISC security officer. Unfortunately, until
> today they did not acknowledge it is a security issue - in contrast, they
> proved that they do not fully understand the issue, and now have added a new
> feature in the 9.11.4.P2 release which wrongly addresses this security
> issue.

While I totally understand your frustration with upstream in regards to
handling this, I'm sure you agree diverging from upstream on this would
create a lot more problems than it solves.

If you supplied a patch to NEWS.Debian explaining this and the proper way
to mitigate it (use the newly introduced krb5-subself) I'm sure we could
include it for Buster.

Bernhard