BIND 9.4.2-P2 is now available. This is the SECOND security patch for BIND 9.4.2, addressing performance and stability issues in BIND 9.4.2-P1. Key features are as follows: - performance improvement over the P1 releases, namely + significantly remedying the port allocation issues + allowing TCP queries and zone transfers while issuing as many outstanding UDP queries as possible + additional security of port randomization at the same level as P1 NOTE: There are some remaining stability problems in 9.4.2-P2 when running under Microsoft Windows. A fix has been implemented, but missed the cutoff time for this release; it will be addressed in a Windows-specific release very soon. and also 9.5.0: This is the SECOND security patch for BIND 9.5.0, addressing performance and stability issues in BIND 9.5.0-P1. Key features are as follows: - performance improvement over the P1 releases, namely + significantly remedying the port allocation issues + allowing TCP queries and zone transfers while issuing as many outstanding UDP queries as possible + additional security of port randomization at the same level as P1 - also includes fixes for several bugs in the 9.5.0 base code NOTE: There are some remaining stability problems in 9.5.0-P2 when running under Microsoft Windows. A fix has been implemented, but missed the cutoff time for this release; it will be addressed in a Windows-specific release very soon. Both 9.4.2_p2 and 9.5.0_p2 are inCVS, candidates for stabilization are: =net-dns/bind-tools-9.4.2_p2 =net-dns/bind-9.4.2_p2
Arches, please test and mark stable: =net-dns/bind-9.4.2_p2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
well.. and =net-dns/bind-tools-9.4.2_p2 as mentioned in comment #0
+ 02 Aug 2008; <chainsaw@gentoo.org> bind-9.4.2_p2.ebuild: + Stable AMD64 keyword for security bug #233675, tested on Opteron 2218 + (hardened/amd64, gcc-3.4.6, glibc-2.6.1-r0, 2.6.24-hardened-r3 x86_64) and + Opteron 2354 (default/linux/amd64/2008.0/developer, gcc-4.3.1, + glibc-2.8_p20080602-r0, 2.6.27-rc1-00154-g660fc1f-dirty x86_64). + 02 Aug 2008; <chainsaw@gentoo.org> bind-tools-9.4.2_p2.ebuild: + Stable AMD64 keyword for security bug #233675, tested on Opteron 2218 + (hardened/amd64, gcc-3.4.6, glibc-2.6.1-r0, 2.6.24-hardened-r3 x86_64) and + Opteron 2354 (default/linux/amd64/2008.0/developer, gcc-4.3.1, + glibc-2.8_p20080602-r0, 2.6.27-rc1-00154-g660fc1f-dirty x86_64).
Stable for HPPA.
ppc64 stable
alpha/ia64/sparc/x86 stable
ppc stable and ready for glsa vote.
it seems to be more performance than security related... I vote NO.
According to upstream this issue only affects servers running at >10,000 requests per second, which would be very few installations (and they most probably monitor upstream mailings anyway), so I vote NO. closing.
