tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: More old versions to remove



On Jan 19, 2010, at 12:12 AM, Matthias Scheler wrote:
On 18 Jan 2010, at 17:39, Joerg Sonnenberger wrote:
net/bind9
        Two versions of bind (9.5 and 9.6) should be good enough,
        so IMO 9.4 can go.

No, objections. But there are packages like "mediatomb" (which I
just fixed) that include "pkgsrc/net/bind9/buildlink3.mk" e.g.
to get the "lwres" library. Please make sure that those get
changed as well.

This version of bind9 is vulnerable to CVE2009-4022 anyway.
(https://www.isc.org/advisories/CVE2009-4022)

I notified NetBSD Security-Officer about this, since netbsd-4(-0) also are affected.

Well, yes, most part of the world probably isn't running DNSSEC validation on there (NetBSD) resolvers, but the DNS root will (at least start to) be signed this year according to ICANN & Verisigns plan.
(For more info, see http://www.root-dnssec.org/).

And DNSSEC in the .SE ccTLD has been active some years now.

Regards,
/P


Home | Main Index | Thread Index | Old Index