On Sat, Nov 20, 2010 at 06:11:40PM +0100, Julien Cristau wrote:
> On Mon, Nov 8, 2010 at 19:50:19 +0000, Adam D. Barratt wrote:
>
> > On Mon, 2010-11-08 at 18:52 +0100, Moritz Muehlenhoff wrote:
> > > Please unblock package bind9. It fixes CVE-2010-3752.
> >
> > 2010-37*6*2 :-)
> >
> > > Any questions why a new upstream version was uploaded need to be
> > > directed to Lamont :-)
> >
> > Not just a new upstream, but one including SONAME changes (thankfully
> > not in any of the libraries that have reverse dependencies) and reverts
> > a switch to "3.0 (quilt)" producing stuff like
> >
> > bind9-9.7.2.dfsg.P2/debian/patches/debian-changes-1:9.7.1.dfsg.P2-2 |83440
> > ----------
> >
> > That's going to be "interesting" to review...
> >
> Lamont, would it be possible to prepare an upload fixing just the
> security bug for squeeze (so based on 1:9.7.1.dfsg.P2-2)?

I looked into it a bit, but couldn't pinpoint the exact changes for
CVE-2010-3752 (not with a certainty to not mess up DNSSEC). I'll give
it another go in the next days.

OTOH, 9.7.2 has been in unstable for three weeks w/o any reports of
regressions, so it might not be the worst choice to unblock it. We've
had way scarier Bind changes to cope with DNSSEC even inside stable,
see DSA-2054.

[ There also have been soname changes in stable security fixes in the
past, they're all internal to Bind, though. ]

Cheers,
Moritz