oss-sec mailing list archives

Re: The Bind incident

From: Barry Greene <bgreene () isc org>
Date: Wed, 6 Jul 2011 12:09:22 -0700

Hi Eugene,

Yes, we worked hard to contain disclosure process. Politics took over. We will put factors in place for the next 
security advisory cycle to remediate so it does not happen again.

Thanks,

Barry

On Jul 5, 2011, at 4:21 AM, Eugene Teo wrote:

(Cc'ed the ISC folks)

On 07/05/2011 07:17 PM, Eugene Teo wrote:

You might have read about AusCert's accidental disclosure of the ISC
Bind advisories today. If you have more information about this, please
share. AFAICS, the bind source packages are still not available at the
ISC website.

https://bugzilla.redhat.com/CVE-2011-2464
https://bugzilla.redhat.com/CVE-2011-2465
http://risky.biz/auscert-bind
http://pastebin.com/9NUt8Pk0

Thanks, Eugene

Current thread:

The Bind incident Eugene Teo (Jul 05)
- Re: The Bind incident Eugene Teo (Jul 05)
  - Re: The Bind incident Barry Greene (Jul 06)
    - Re: The Bind incident Eugene Teo (Jul 07)
- Re: The Bind incident Solar Designer (Jul 05)
  - Re: The Bind incident Mike O'Connor (Jul 06)
    - Re: The Bind incident Florian Weimer (Jul 06)