Re: sorry to ruin several of your evenings...

[Paul A Vixie <vixie () mfnx net>]

> Without being aware of what your disclosure policies are, I'll go ahead
> and ask...  what are the flaws, and are they also in 8.2.2-p7?

if 8.2.2-P7 were safe, you can bet that the warning ("don't run anything
earlier") would have come with 8.2.2-P7.

> I don't see anything at:
>
> http://www.isc.org/products/BIND/bind-security.html
>
> that mentions p7.  Sure, I could diff a bunch of stuff...

you can bet that dozens of kiddies all over the world are diffing stuff.

maybe you'll be faster than them, find the specific problem, develop a patch
that's different from "install 8.2.3", and deploy it before you're hit.

> Sorry to bring this to NANOG, but it's a bit more appropriate than gabbing
> about what a root server is.  Also, note that Bugtraq is gone until
> Monday, so there'll be no talk of this there.

there are several major announcements planned for monday.  ISC wanted to get
the new code on the street soon enough to give people a running head start at
upgrading.  (the root name servers were all done last week, for example.)