oss-sec mailing list archives

Re: BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 19 Feb 2021 09:17:37 +0100

On Thu, 18 Feb 2021 20:09:47 -0900
ISC Security Officer <security-officer () isc org> wrote:

> 2) If you already have packages based on 9.16.12, we expect to have
> a patch ready well before the next maintenance release.  A candidate
> patch is under review now and can be delivered after review and
> quality assurance testing.  If you wish to receive updates on the
> progress of this patch, please e-mail your request to
> security-officer () isc org

I am confused by your actions here.

You warn people about a messed up release (can happen, no problem), you
say you have a preliminary patch, but you make it extra complicated to
get that patch? Why not just post the patch?

Also I read into your words that you don't plan to publish a quick
followup release, which would be the right thing to do ("we expect to
have a patch ready well before the next maintenance release" - I read
that as you don't plan to make a new maintenance release as soon as
the patch is ready, which would be the right thing to do).


-- 
Hanno Böck
https://hboeck.de/

