On Sat, Nov 20, 2010 at 06:11:40PM +0100, Julien Cristau wrote:
> On Mon, Nov 8, 2010 at 19:50:19 +0000, Adam D. Barratt wrote:
>
> > On Mon, 2010-11-08 at 18:52 +0100, Moritz Muehlenhoff wrote:
> > > Please unblock package bind9. It fixes CVE-2010-3752.
> >
> > 2010-37*6*2 :-)
> >
> > > Any questions why a new upstream version was uploaded need to be
> > > directed to Lamont :-)
> >
> > Not just a new upstream, but one including SONAME changes (thankfully
> > not in any of the libraries that have reverse dependencies) and reverts
> > a switch to "3.0 (quilt)" producing stuff like
> >
> > bind9-9.7.2.dfsg.P2/debian/patches/debian-changes-1:9.7.1.dfsg.P2-2 |83440
> > ----------
> >
> > That's going to be "interesting" to review...
> >
> Lamont, would it be possible to prepare an upload fixing just the
> security bug for squeeze (so based on 1:9.7.1.dfsg.P2-2)?
I looked into it a bit, but couldn't pinpoint the exact changes for
CVE-2010-3752 (not with a certainty to not mess up DNSSEC).
I'll give it another go in the next days.
OTOH, 9.7.2 has been in unstable for three weeks w/o any reports of regressions,
so it might not be the worst choice to unblock it. We've had way scarier
Bind changes to cope with DNSSEC even inside stable, see DSA-2054.
[ There also have been soname changes in stable security fixes in the
past, they're all internal to Bind, though. ]
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
