Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

bind9: CVE-2012-5688

Related Vulnerabilities: CVE-2012-5688  

Source

Debian Bug report logs - #695192
bind9: CVE-2012-5688

version graph

Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 5 Dec 2012 08:36:02 UTC

Severity: grave

Tags: security

Found in version bind9/1:9.8.1.dfsg.P1-4.3

Fixed in versions bind9/1:9.8.4.dfsg.P1-1, bind9/1:9.9.2.dfsg.P1-1

Done: LaMont Jones <lamont@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>:
Bug#695192; Package bind9. (Wed, 05 Dec 2012 08:36:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>. (Wed, 05 Dec 2012 08:36:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind9: CVE-2012-5688
Date: Wed, 05 Dec 2012 09:31:00 +0100
Package: bind9
Severity: grave
Tags: security
Justification: user security hole

Please see https://kb.isc.org/article/AA-00828

Stable is not affected. This needs to be fixed through testing-proposed-updates,
since the testing and unstable packages have diverged and won't be updated that
late in the freeze.

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#695192; Package bind9. (Wed, 05 Dec 2012 12:39:03 GMT) (full text, mbox, link).

Acknowledgement sent to LaMont Jones <lamont@debian.org>:
Extra info received and forwarded to list. (Wed, 05 Dec 2012 12:39:03 GMT) (full text, mbox, link).

Message #10 received at 695192@bugs.debian.org (full text, mbox, reply):

From: LaMont Jones <lamont@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 695192@bugs.debian.org
Subject: Re: Bug#695192: bind9: CVE-2012-5688
Date: Wed, 5 Dec 2012 05:25:36 -0700
On Wed, Dec 05, 2012 at 09:31:00AM +0100, Moritz Muehlenhoff wrote:
> Package: bind9
> Severity: grave
> Tags: security
> Justification: user security hole
> Please see https://kb.isc.org/article/AA-00828
> Stable is not affected. This needs to be fixed through testing-proposed-updates,
> since the testing and unstable packages have diverged and won't be updated that
> late in the freeze.

I've been holding unstable at 9.8 in the hope that it might make it into
testing.  ISC has quit supporting 9.8.1, I'd like to as well.

I'll look into the backport soon, if the security team doesn't beat me to it.

lamont

Reply sent to LaMont Jones <lamont@debian.org>:
You have taken responsibility. (Thu, 06 Dec 2012 11:51:16 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Thu, 06 Dec 2012 11:51:16 GMT) (full text, mbox, link).

Message #15 received at 695192-close@bugs.debian.org (full text, mbox, reply):

From: LaMont Jones <lamont@debian.org>
To: 695192-close@bugs.debian.org
Subject: Bug#695192: fixed in bind9 1:9.9.2.dfsg.P1-1
Date: Thu, 06 Dec 2012 11:49:09 +0000
Source: bind9
Source-Version: 1:9.9.2.dfsg.P1-1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695192@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 05 Dec 2012 05:27:18 -0700
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns95 libisc92 liblwres90 libisccc90 libisccfg90 dnsutils lwresd
Architecture: all amd64 i386 source
Version: 1:9.9.2.dfsg.P1-1
Distribution: experimental
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Closes: 695192
Description: 
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9      - Internet Domain Name Server
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind9-90 - BIND9 Shared Library used by BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libdns95   - DNS Shared Library used by BIND
 libisc92   - ISC Shared Library used by BIND
 libisccc90 - Command Channel Library used by BIND
 libisccfg90 - Config File Handling Library used by BIND
 liblwres90 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Changes: 
 bind9 (1:9.9.2.dfsg.P1-1) experimental; urgency=low
 .
   * Named could die on specific queries with dns64 enabled.
     [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
     CVE-2012-5688  Closes: #695192
Checksums-Sha1: 
 bb96defd3f1e1bb684c4fd95d0400a6b982b4480 1942 bind9_9.9.2.dfsg.P1-1.dsc
 cd3867f2efa11c21ac54b202c5c1961774ab9396 7410647 bind9_9.9.2.dfsg.P1.orig.tar.gz
 e62db70c2e11b9567166d9888698a60258040daf 594888 bind9_9.9.2.dfsg.P1-1.diff.gz
 370b34a8fa0328709fe16963a569665d4173683d 374338 bind9-doc_9.9.2.dfsg.P1-1_all.deb
 2ce2c0fdca4e3ed92f7981dd979bb6532888c96e 19866 host_9.9.2.dfsg.P1-1_all.deb
 36ca41f7b82a0f639e9aca02501e54bef45ef03c 434922 bind9_9.9.2.dfsg.P1-1_amd64.deb
 ae7ab270fa583fe38545c68808c1644d42fee5c1 143870 bind9utils_9.9.2.dfsg.P1-1_amd64.deb
 fa7aaf37c6ee15786552fd35fd7f847f1d26fbac 72732 bind9-host_9.9.2.dfsg.P1-1_amd64.deb
 d76907993003245e3357557c1e511419cc4486fd 1604752 libbind-dev_9.9.2.dfsg.P1-1_amd64.deb
 eb1fb89dc6e7e5156d3578185d0766d8026dd14a 41752 libbind9-90_9.9.2.dfsg.P1-1_amd64.deb
 48df172c5a5adf82718f287dccd3dd85efd31806 764242 libdns95_9.9.2.dfsg.P1-1_amd64.deb
 72f24d687db07be560ff1ca08dd56ed2c2cff849 183826 libisc92_9.9.2.dfsg.P1-1_amd64.deb
 3564c398d19a5d59e83515a5df40460f226706e0 54424 liblwres90_9.9.2.dfsg.P1-1_amd64.deb
 9022d7c143338945c09c19a721819a7a41cc4239 35144 libisccc90_9.9.2.dfsg.P1-1_amd64.deb
 0a45f1b676aa38dc612b54932a6da1c2d14db910 61964 libisccfg90_9.9.2.dfsg.P1-1_amd64.deb
 24eb57b135e72b1847d787022e05db8e9f1793c7 166684 dnsutils_9.9.2.dfsg.P1-1_amd64.deb
 5f215bc1d1f63a882453538a631449f1c7ff9efb 245274 lwresd_9.9.2.dfsg.P1-1_amd64.deb
 69b18c02ad67c8bf2ff0da751c339b4fd4a4aceb 433656 bind9_9.9.2.dfsg.P1-1_i386.deb
 6f4fb1a35049f4225982e279b0da806daab9624c 138870 bind9utils_9.9.2.dfsg.P1-1_i386.deb
 13b1ef2bdd6777fd3db1526096ae052655626aa3 71334 bind9-host_9.9.2.dfsg.P1-1_i386.deb
 e11d0e99e83212e11a048782d2fed493b56b950d 1594382 libbind-dev_9.9.2.dfsg.P1-1_i386.deb
 51fd504ef6a15a8c44f6a0c8a8953e56892d5267 42016 libbind9-90_9.9.2.dfsg.P1-1_i386.deb
 c4f2e3bfe0cd789b19c935977b15d8f20eed2aee 766112 libdns95_9.9.2.dfsg.P1-1_i386.deb
 d9c4f3826549cdba04d889851164cf08db7f549e 183148 libisc92_9.9.2.dfsg.P1-1_i386.deb
 53d633831b03d4972632a596c4abff04538b2f04 54684 liblwres90_9.9.2.dfsg.P1-1_i386.deb
 1ca61633035e70912c1348ef50f473ba3dd88a34 35448 libisccc90_9.9.2.dfsg.P1-1_i386.deb
 df33a5b0fa0fa9ca1e55111e6eeaf951de1be9e1 59104 libisccfg90_9.9.2.dfsg.P1-1_i386.deb
 265fce85c7775698694ece43a685b7ff04fc93cf 163222 dnsutils_9.9.2.dfsg.P1-1_i386.deb
 3b310ba4ad737ae186bd644bc2c1a41f357cd42f 244198 lwresd_9.9.2.dfsg.P1-1_i386.deb
Checksums-Sha256: 
 78de104c8b7144facdb7cddc1348e4a3c203f5ef00a4dd9f72203fbcd16e6440 1942 bind9_9.9.2.dfsg.P1-1.dsc
 28765be8441871c53365c3a474c1c9ebba8ead4ce5e299eea19ac184f4da3df1 7410647 bind9_9.9.2.dfsg.P1.orig.tar.gz
 9d94f4ab01fd895e4acdb502fd64e2fd0ec8667952708821fe176699bf9ac77e 594888 bind9_9.9.2.dfsg.P1-1.diff.gz
 c6d137346be22c4d3216a8404255afe46e49510982e0a88f90ac4d71ce5556d0 374338 bind9-doc_9.9.2.dfsg.P1-1_all.deb
 95815386f064f30b937dafc8e2099e8b4cc3d5f3177dfe9937d629e0d7fed6ae 19866 host_9.9.2.dfsg.P1-1_all.deb
 586f0aa123547c52ec66251686daeddbad5bd4f1acd7c794fa7f04afc1709570 434922 bind9_9.9.2.dfsg.P1-1_amd64.deb
 652316a15e58de915fa248b9cd9513ec644bf05a64f2bb7fbd95932b66338cd0 143870 bind9utils_9.9.2.dfsg.P1-1_amd64.deb
 59939cd3e1de9551417d6f678b054e005e63a1b7b7d996ae49149681d1597e6d 72732 bind9-host_9.9.2.dfsg.P1-1_amd64.deb
 1f1e925a559822527f697249fec345d517109343dc8ee260266370f855b7d92a 1604752 libbind-dev_9.9.2.dfsg.P1-1_amd64.deb
 174364722012f7406e812b951b86e8adc30480accb341cd1c6d4dc2e8ed194a1 41752 libbind9-90_9.9.2.dfsg.P1-1_amd64.deb
 558a6251b0ef12b81eafbe562e5dd87b4f0b333c7c64b0d57d377ba0d923b52d 764242 libdns95_9.9.2.dfsg.P1-1_amd64.deb
 cab46908e505aab5163606a2c75e148c90f292e2eac04c472026e13330d0429f 183826 libisc92_9.9.2.dfsg.P1-1_amd64.deb
 4ac167070e749ef14a5b89719dcd47284cd284a54e45bac1ebc6b468a257f443 54424 liblwres90_9.9.2.dfsg.P1-1_amd64.deb
 f528c83ce47d9b033f6c2e3723772132c790bdab31caef96ae93b2ac0083adea 35144 libisccc90_9.9.2.dfsg.P1-1_amd64.deb
 571f836b83c2e8d5d7dbf452ead64f560c2966b4fa0d323e2df407ebd15f6234 61964 libisccfg90_9.9.2.dfsg.P1-1_amd64.deb
 74883f9b618260724a2f708fe21239db608e93dba3601af7ed2afcea7d310728 166684 dnsutils_9.9.2.dfsg.P1-1_amd64.deb
 6503b962a2b3d6792a940f6c544e08be41589848f6bd73cdbb9033b012b436bb 245274 lwresd_9.9.2.dfsg.P1-1_amd64.deb
 721f0e76eaea36ded301694fc02f4219b848efd9a98e2ddee32d70293ea8824e 433656 bind9_9.9.2.dfsg.P1-1_i386.deb
 76a65b38936242ef8cee554a19fabb177c7659c19813d5549fbeb1b00f6f209e 138870 bind9utils_9.9.2.dfsg.P1-1_i386.deb
 b53d789e6927d8a6892e7b5516d203ddddb0a8f921417008b96cdcdc47235b8b 71334 bind9-host_9.9.2.dfsg.P1-1_i386.deb
 c34c241ec1716d6518dcaa61941b2fd348be22c00de1a0dffd36187c96c19f07 1594382 libbind-dev_9.9.2.dfsg.P1-1_i386.deb
 b03e6fc97ae5de0632606c91c4251623ceb9e4d25373bfc392e0bbe25f2fbe36 42016 libbind9-90_9.9.2.dfsg.P1-1_i386.deb
 dc1bb09f59bb493f8aae0ffc008141f75736addbcdb54a33584797d18287cb74 766112 libdns95_9.9.2.dfsg.P1-1_i386.deb
 c026bb0b604ee3faad86361c37d7e6c9d1a1059bfdfe5fb6d375b9172673f30d 183148 libisc92_9.9.2.dfsg.P1-1_i386.deb
 5a5aa14bb8d466a7ca663a51157f39147ee82e6346afc40b7ba198f3eb2d58ad 54684 liblwres90_9.9.2.dfsg.P1-1_i386.deb
 8481c3e384fd11566ddae8664f5617fc2dab9d8b26bd48871c5e27e85d6d9234 35448 libisccc90_9.9.2.dfsg.P1-1_i386.deb
 6ab2fdbeb255ef4271694db9de9b13bdc6c6060eecb57201426f4e89a049c60c 59104 libisccfg90_9.9.2.dfsg.P1-1_i386.deb
 ebda975d3e80609715a3b516f66fa617b1eb706d65e3fbebebeb305414a3f139 163222 dnsutils_9.9.2.dfsg.P1-1_i386.deb
 828660a8657b7dbdc94a36ab097070cab6bcbb92ff28cc91f006d4ce4632db76 244198 lwresd_9.9.2.dfsg.P1-1_i386.deb
Files: 
 9e3205b9b3bdd1e0e6388f9e77a08488 1942 net optional bind9_9.9.2.dfsg.P1-1.dsc
 8d086756cea339799c066262a891cd5a 7410647 net optional bind9_9.9.2.dfsg.P1.orig.tar.gz
 b4db37dd98cece6aab8bbd4014d4475e 594888 net optional bind9_9.9.2.dfsg.P1-1.diff.gz
 42a781cf9f5b2005fd89084c8b4d227d 374338 doc optional bind9-doc_9.9.2.dfsg.P1-1_all.deb
 95f177140d18fb1bc49b593d60fe53e2 19866 net standard host_9.9.2.dfsg.P1-1_all.deb
 d0a314a441cfe09fc05ec7c62c2d5c22 434922 net optional bind9_9.9.2.dfsg.P1-1_amd64.deb
 eb3bbb7f8cf166c869049e60e4be590c 143870 net optional bind9utils_9.9.2.dfsg.P1-1_amd64.deb
 e6d316e3ef46a94b3540753435d2d58e 72732 net standard bind9-host_9.9.2.dfsg.P1-1_amd64.deb
 da50e13cb2884c5c559266f7d7c92ad2 1604752 libdevel optional libbind-dev_9.9.2.dfsg.P1-1_amd64.deb
 b741c388d4b76d88f5dfde9b42eb0825 41752 libs standard libbind9-90_9.9.2.dfsg.P1-1_amd64.deb
 cbba5cd601fc6176833282d1b154a67f 764242 libs standard libdns95_9.9.2.dfsg.P1-1_amd64.deb
 c55d418d8c2bf7893de186931d7c885f 183826 libs standard libisc92_9.9.2.dfsg.P1-1_amd64.deb
 aeedd92bcf9bc5f087c3cc5ebcf8765c 54424 libs standard liblwres90_9.9.2.dfsg.P1-1_amd64.deb
 e21a340866875ee93c296576065294c3 35144 libs optional libisccc90_9.9.2.dfsg.P1-1_amd64.deb
 aaa8a227431121b013c19918f2e7fc47 61964 libs optional libisccfg90_9.9.2.dfsg.P1-1_amd64.deb
 de39e108fe31c7c544b11aceedb65624 166684 net standard dnsutils_9.9.2.dfsg.P1-1_amd64.deb
 5bf836505155884caaf67bf3d507472f 245274 net optional lwresd_9.9.2.dfsg.P1-1_amd64.deb
 78bd3a2974494ea7002f92c69fcde4ec 433656 net optional bind9_9.9.2.dfsg.P1-1_i386.deb
 62fd5e87464309bd07060b06a62e2c4f 138870 net optional bind9utils_9.9.2.dfsg.P1-1_i386.deb
 9dd3d19608e97e0c5566e054e5dbd883 71334 net standard bind9-host_9.9.2.dfsg.P1-1_i386.deb
 31d3ea78d2c95225a5a341217b60159a 1594382 libdevel optional libbind-dev_9.9.2.dfsg.P1-1_i386.deb
 e57dac803df1180b088dc8b1042705d5 42016 libs standard libbind9-90_9.9.2.dfsg.P1-1_i386.deb
 62f4d8a32ec092ef444d38923378da33 766112 libs standard libdns95_9.9.2.dfsg.P1-1_i386.deb
 59e5a0e2ac6e64d393a4aaad8f183e98 183148 libs standard libisc92_9.9.2.dfsg.P1-1_i386.deb
 702a11c686f705ecc867f6446fe05f63 54684 libs standard liblwres90_9.9.2.dfsg.P1-1_i386.deb
 c5d97577f48b6dda88b29de0b3ce8066 35448 libs optional libisccc90_9.9.2.dfsg.P1-1_i386.deb
 0575235694fe891af7e61d6d3e71eb75 59104 libs optional libisccfg90_9.9.2.dfsg.P1-1_i386.deb
 1417bade19d203e6fa47c4b787e50bc6 163222 net standard dnsutils_9.9.2.dfsg.P1-1_i386.deb
 59e12327406eafad232342722e6bd364 244198 net optional lwresd_9.9.2.dfsg.P1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQv1QIzN/kmwoKyScRAjyvAJ9gX/n2DlLAxt/p2RDWJhhUmkcRCgCbB0VZ
MVoCiA1stlt/E8OkMWx8BLw=
=0Yaj
-----END PGP SIGNATURE-----

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#695192; Package bind9. (Wed, 12 Dec 2012 17:57:11 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 12 Dec 2012 17:57:12 GMT) (full text, mbox, link).

Message #20 received at 695192@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: LaMont Jones <lamont@debian.org>
Cc: 695192@bugs.debian.org
Subject: Re: Bug#695192: bind9: CVE-2012-5688
Date: Wed, 12 Dec 2012 18:52:21 +0100
On Wed, Dec 05, 2012 at 05:25:36AM -0700, LaMont Jones wrote:
> On Wed, Dec 05, 2012 at 09:31:00AM +0100, Moritz Muehlenhoff wrote:
> > Package: bind9
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > Please see https://kb.isc.org/article/AA-00828
> > Stable is not affected. This needs to be fixed through testing-proposed-updates,
> > since the testing and unstable packages have diverged and won't be updated that
> > late in the freeze.
> 
> I've been holding unstable at 9.8 in the hope that it might make it into
> testing.  ISC has quit supporting 9.8.1, I'd like to as well.
> 
> I'll look into the backport soon, if the security team doesn't beat me to it.

LaMont, can you upload a version targeted at testing-proposed-updates based on
1:9.8.1.dfsg.P1-4.4 ?

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#695192; Package bind9. (Thu, 13 Dec 2012 02:42:03 GMT) (full text, mbox, link).

Acknowledgement sent to Matthew Grant <matthewgrant5@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 13 Dec 2012 02:42:03 GMT) (full text, mbox, link).

Message #25 received at 695192@bugs.debian.org (full text, mbox, reply):

From: Matthew Grant <matthewgrant5@gmail.com>
To: Moritz Muehlenhoff <jmm@inutil.org>, 695192@bugs.debian.org
Subject: Re: Bug#695192: bind9: CVE-2012-5688
Date: Thu, 13 Dec 2012 15:38:31 +1300
[Message part 1 (text/plain, inline)]
Why does the Wheezy release team have its nose so stuck up about a minor
upstream version number?

9.8.4-P1 IS ISC's official bug fixed release of the 9.8.x source tree ,
INCLUDING 9.8.1*

Don't drive the security maintainers into loops about unsupported code in
an upcoming stable release!

Sheesh, some time dogged adherence to policy is NOT achieving our main end
results.

Cheers,

Matthew Grant

On Thu, Dec 13, 2012 at 6:52 AM, Moritz Muehlenhoff <jmm@inutil.org> wrote:

> On Wed, Dec 05, 2012 at 05:25:36AM -0700, LaMont Jones wrote:
> > On Wed, Dec 05, 2012 at 09:31:00AM +0100, Moritz Muehlenhoff wrote:
> > > Package: bind9
> > > Severity: grave
> > > Tags: security
> > > Justification: user security hole
> > > Please see https://kb.isc.org/article/AA-00828
> > > Stable is not affected. This needs to be fixed through
> testing-proposed-updates,
> > > since the testing and unstable packages have diverged and won't be
> updated that
> > > late in the freeze.
> >
> > I've been holding unstable at 9.8 in the hope that it might make it into
> > testing.  ISC has quit supporting 9.8.1, I'd like to as well.
> >
> > I'll look into the backport soon, if the security team doesn't beat me
> to it.
>
> LaMont, can you upload a version targeted at testing-proposed-updates
> based on
> 1:9.8.1.dfsg.P1-4.4 ?
>
> Cheers,
>         Moritz
>
>

[Message part 2 (text/html, inline)]

Marked as found in versions bind9/1:9.8.1.dfsg.P1-4.3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 13 Dec 2012 21:36:03 GMT) (full text, mbox, link).

Marked as fixed in versions bind9/1:9.8.4.dfsg.P1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 13 Dec 2012 21:57:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#695192; Package bind9. (Thu, 13 Dec 2012 22:51:03 GMT) (full text, mbox, link).

Acknowledgement sent to Philipp Kern <phil@philkern.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 13 Dec 2012 22:51:03 GMT) (full text, mbox, link).

Message #34 received at 695192@bugs.debian.org (full text, mbox, reply):

From: Philipp Kern <phil@philkern.de>
To: Matthew Grant <matthewgrant5@gmail.com>, 695192@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#695192: bind9: CVE-2012-5688
Date: Thu, 13 Dec 2012 23:30:01 +0100
On Thu, Dec 13, 2012 at 03:38:31PM +1300, Matthew Grant wrote:
> Why does the Wheezy release team have its nose so stuck up about a minor
> upstream version number?
> 
> 9.8.4-P1 IS ISC's official bug fixed release of the 9.8.x source tree ,
> INCLUDING 9.8.1*
> 
> Don't drive the security maintainers into loops about unsupported code in
> an upcoming stable release!
> 
> Sheesh, some time dogged adherence to policy is NOT achieving our main end
> results.

And then we're talking about a version that does this over the version in
testing:

2248 files changed, 71094 insertions(+), 36757 deletions(-)

And about software whose bug tracking system and VCS are both proprietary.
So one cannot even sanely review it as the context information from the
RT tickets is not publically available.

Also I don't think your mail is helpful in any way.

Kind regards
Philipp Kern

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 02 Feb 2013 07:27:14 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:22:37 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started