From b5867d93ae9c2264b4cd9bce07623eb45f53c668 Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Thu, 3 Dec 2009 13:19:27 -0300 Subject: Bump bind to 9.5.2-P1 Closes #773. Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)." Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard --- CHANGES | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 904bb48f0..a40fd396e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,7 @@ 2010.02, Not yet released: - Updated/fixed packages: autoconf, binutils, busybox, lighttpd, pcre + Updated/fixed packages: autoconf, bind, binutils, busybox, iw, + lighttpd, pcre, usbutils Issues resolved (http://bugs.uclibc.org): @@ -11,6 +12,7 @@ #763: [SECURITY] Update pcre to 7.9 #765: Add buildroot branding to gcc #767: Bump iw package to 0.9.18 + #773: [SECURITY] Update bind to 9.5.2-P1 2009.11, Released December 1st, 2009: -- cgit v1.2.3