Next | Query returned 2 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2016-03-11 10:51:11 by Benny Siegert | Files touched by this commit (2)
Log message:
Pullup ticket #4950 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                           1.54
- net/bind99/distinfo                                           1.37

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Mar 10 00:50:35 UTC 2016

   Modified Files:
   	pkgsrc/net/bind99: Makefile distinfo

   Log message:
   Update bind99 package to 9.9.8pl4 (BIND 9.9.8-P4).

   	--- 9.9.8-P4 released ---

   4319.	[security]	Fix resolver assertion failure due to improper
   			DNAME handling when parsing fetch reply messages.
   			(CVE-2016-1286) [RT #41753]

   4318.	[security]	Malformed control messages can trigger assertions
   			in named and rndc. (CVE-2016-1285) [RT #41666]
   2016-01-20 20:33:53 by Benny Siegert | Files touched by this commit (2)
Log message:
Pullup ticket #4902 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                           1.51
- net/bind99/distinfo                                           1.36

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Jan 20 02:17:12 UTC 2016

   Modified Files:
           pkgsrc/net/bind99: Makefile distinfo

   Log message:
   Update bind99 to 9.9.8pl3 (BIND 9.9.8-P3).

   Security Fixes

        * Specific APL data could trigger an INSIST. This flaw was discovered
          by Brian Mitchell and is disclosed in CVE-2015-8704. [RT #41396]
        * Named is potentially vulnerable to the OpenSSL vulnerabilty
          described in CVE-2015-3193.
        * Insufficient testing when parsing a message allowed records with an
          incorrect class to be be accepted, triggering a REQUIRE failure
          when those records were subsequently cached. This flaw is disclosed
          in CVE-2015-8000. [RT #40987]
        * Incorrect reference counting could result in an INSIST failure if a
          socket error occurred while performing a lookup. This flaw is
          disclosed in CVE-2015-8461. [RT#40945]

   New Features

        * None

   Feature Changes

        * Updated the compiled in addresses for H.ROOT-SERVERS.NET.

   Bug Fixes

        * Authoritative servers that were marked as bogus (e.g. blackholed in
          configuration or with invalid addresses) were being queried anyway.
          [RT #41321]

Next | Query returned 2 messages, browsing 1 to 10 | previous