On Sat, Jan 29, 2000 at 01:31:36PM -0500, nm wrote:
> I apologize in advance because this post is not quite
> on topic.
> 
> I have a 1.3.3 system and I am about to install 1.4.1 on it.
> The primary function of this system is as a name server.
> 
> I thought I read somewhere (correct me if I am wrong) that
> the version of bind that shipped with 1.4.1 contained a bug
> that may compromise system security.  I could not find a
> patch for this bug on the ftp site, nor are any bugs listed
> for 1.4.1 on the web site.
> 
> I am worried that people may install 1.4.1 and check the
> web site, see that no security bugs are listed for 1.4.1 and
> assume that the bind that ships with it is secure.  Am I
> missing something or am I confused?

For sure there should be much more details on the web site about this.
As a general policy tracking release will get you all the security fixes,
but advisatories may have patches or workarounds for a specific problem.
Unfortunably we failed to get advisatories out for some important problems
in the past.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--