oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BIND CVE-2009-4022 fix incomplete

From: Josh Bressers <bressers () redhat com>
Date: Wed, 20 Jan 2010 09:00:01 -0500 (EST)

----- "Josh Bressers" <bressers () redhat com> wrote:


Hi Steve,

I'm not assigning this one as I'm not sure if you've seen this or
not.

ISC released an update today for BIND, part of it was that
CVE-2009-4022
was not completely fixed:
https://www.isc.org/advisories/CVE-2009-4022

If you look down at the bottom of their advisory you can see this:
    Jan. 19 - Revised Summary, Severity, Description, Workaround,
Impact &
    Solution (earlier fixes incomplete) 

As best as we can tell, this is why:
https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7



As this is holding up a Red Hat erratum, risking a dupe, I've
assigned this CVE-2010-0290.

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: