upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-12 22:00:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

[v9_9] add CVE details; marked 3656 as [security]

Browse source
This commit is contained in:
Evan Hunt 2014-01-13 14:52:20 -08:00
parent f7a59390e6
commit edd0fc4596
2 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
CHANGES
View file

@ -28,7 +28,8 @@
3693. [security] memcpy was incorrectly called with overlapping
ranges resulting in malformed names being generated
on some platforms. This could cause INSIST failures
when serving NSEC3 signed zones. [RT #35120]
when serving NSEC3 signed zones (CVE-2014-0591).
[RT #35120]
3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
was no data at the node. [RT #35080]
@ -128,8 +129,10 @@
3657. [port] Some readline clones don't accept NULL pointers when
calling add_history. [RT #34842]
3656. [bug] Treat an all zero netmask as invalid when generating
the localnets acl. [RT #34687]
3656. [security] Treat an all zero netmask as invalid when generating
the localnets acl. (The prior behavior could
allow unexpected matches when using some versions
of Winsock: CVE-2013-6320.) [RT #34687]
3655. [cleanup] Simplify TCP message processing when requesting a
zone transfer. [RT #34825]

13
README
View file

@ -53,8 +53,9 @@ BIND 9
BIND 9.9.5
BIND 9.9.5 is a maintenance release, and includes the following
functional enhancements:
BIND 9.9.5 is a maintenance release, and patches the security
flaws described in CVE-2013-6320 and CVE-2014-0591. It also
includes the following functional enhancements:
- "named" now preserves the capitalization of names when
responding to queries.
@ -63,10 +64,10 @@ BIND 9.9.5
- When re-signing a zone, the new "dnssec-signzone -Q" option
drops signatures from keys that are still published but are
no longer active.
- "named-checkconf -px" will print the contents of configuration
files with the shared secrets obscured, making it easier to
share configuration (e.g. when submitting a bug report)
without revealing private information.
- "named-checkconf -px" will print the contents of configuration
files with the shared secrets obscured, making it easier to
share configuration (e.g. when submitting a bug report)
without revealing private information.
BIND 9.9.4