Subject: Re: vulnerability list change
To:, Thomas Klausner <>
From: Steven M. Bellovin <>
List: tech-security
Date: 06/28/2002 22:47:07
In message <>, "Steven M. Bellovin" writes:
>In message <>, wr
>>>> >From download-vulnerability-list:
>>>> New vulnerability list (15224 bytes) is smaller than existing list (15232
>>>> bytes)
>>>> Was something removed intentionally, or is this bad?
>>>The bind-9.2.1 vulnerability line was removed, since bind-9.2.1 is not
>>>vulnerable IIUC. Normally, the file size should be increased anyway,
>>>but this seems to have been overlooked this time.
>>	maybe i should have commented out the line instead?  sorry for
>>	confusion.
>Yes, absolutely -- download-vulnerability-list won't overwrite a list 
>with a shorter one.  I had to remove my old one manually.

The answer is simpler:  according to ISC, 9.2.1 is vulnerable -- see the
statement at

		--Steve Bellovin, (me) ("Firewalls" book)