three security fixes

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=20
2010-01-20 09:05:38 +00:00 · 2010-01-20 09:05:38 +00:00 · 8ba5a56d97
commit 8ba5a56d97
parent f680be0e24
4 changed files with 19 additions and 5 deletions
--- a/bind-9.6.1P2.tar.gz
+++ b/bind-9.6.1P2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:094ff51bd0f4eec62a3410b82ffe31c273590bac042a3bd817a67f5b88bbfc24
-size 6699115
--- a/bind-9.6.1P3.tar.gz
+++ b/bind-9.6.1P3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b48b5c0d2f8f670fd35178db62a4eb2327b9d73e7680dfa47a54d96ace8cf769
+size 6599680
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Jan 20 10:06:22 CET 2010 - ug@suse.de
+
+- [security]  Do not attempt to validate or cache
+              out-of-bailiwick data returned with a secure
+              answer; it must be re-fetched from its original
+              source and validated in that context. [RT #20819]
+
+- [security]  Cached CNAME or DNAME RR could be returned to clients
+              without DNSSEC validation. [RT #20737]
+
+- [security]  Bogus NXDOMAIN could be cached as if valid. [RT #20712]
+- version 9.6.1-P3
+
 -------------------------------------------------------------------
 Mon Jan  4 14:29:43 CET 2010 - ug@suse.de

--- a/bind.spec
+++ b/bind.spec
@ -20,11 +20,11 @@

 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.6.1P2
+%define pkg_vers 9.6.1P3
 #BuildRequires:  openldap2 openldap2-devel
 BuildRequires:  libcap libcap-devel libmysqlclient-devel libxml2-devel openssl openssl-devel
 Summary:        Domain Name System (DNS) Server (named)
-Version:        9.6.1P2
+Version:        9.6.1P3
 Release:        2
 %define       SDB_LDAP_VERSION      1.0-beta
 License:        BSD3c(or similar) ; MIT License (or similar)