Hi Salvatore, my only comment is: thank you for filing this as I thought I already did that, but apparently not. It is absolutely going to be useful to start with latest upstream version as there is a CVE fixed in 9.20.11-1
+ [CVE2025-40777]: Fix a possible assertion failure when stale-answer-client-timeout is set to 0. Ondrej -- Ondřej Surý (He/Him) ond...@sury.org > On 23. 7. 2025, at 9:24, Salvatore Bonaccorso <car...@debian.org> wrote: > > Package: release.debian.org > Severity: normal > X-Debbugs-Cc: bi...@packages.debian.org, Ondřej Surý <ond...@debian.org>, > car...@debian.org, t...@security.debian.org > Control: affects -1 + src:bind9 > User: release.debian....@packages.debian.org > Usertags: unblock > > Hi Release team, hi Ondrej, > > Approaching you with getting input from Ondrej. bind9/1:9.20.11-1 > fixes CVE-2025-40777. Ad bind9 is updated via the supported upstream > versions in stable, that wuould mean for trxie we would ideally get in > the fixed version. > > Ondrej, do you have something to add here or can you please comment on > allowing bind9/1:9.20.11-1 into trixie? > > Regards, > Salvatore
