Path to this page:
Subject: CVS commit: [pkgsrc-2017Q1] pkgsrc/net/bind99
From: Benny Siegert
Date: 2017-04-13 13:54:13
Message id: 20170413115414.08BC2FBE4@cvs.NetBSD.org
Log Message:
Pullup ticket #5273 - requested by taca
net/bind99: security fix
Revisions pulled up:
- net/bind99/Makefile 1.66
- net/bind99/distinfo 1.44
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 13 01:53:35 UTC 2017
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8).
Quote from release announce:
BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
for the root zone.
Quote from CHANGELOG:
--- 9.9.9-P8 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
--- 9.9.9-P7 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
Files: