North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: sorry to ruin several of your evenings...
> Without being aware of what your disclosure policies are, I'll go ahead > and ask... what are the flaws, and are they also in 8.2.2-p7? if 8.2.2-P7 were safe, you can bet that the warning ("don't run anything earlier") would have come with 8.2.2-P7. > I don't see anything at: > > http://www.isc.org/products/BIND/bind-security.html > > that mentions p7. Sure, I could diff a bunch of stuff... you can bet that dozens of kiddies all over the world are diffing stuff. maybe you'll be faster than them, find the specific problem, develop a patch that's different from "install 8.2.3", and deploy it before you're hit. > Sorry to bring this to NANOG, but it's a bit more appropriate than gabbing > about what a root server is. Also, note that Bugtraq is gone until > Monday, so there'll be no talk of this there. there are several major announcements planned for monday. ISC wanted to get the new code on the street soon enough to give people a running head start at upgrading. (the root name servers were all done last week, for example.)
|