Bug 437828 (CVE-2012-5166)

Comment 1 Agostino Sarubbo 2012-10-10 12:21:43 UTC

@security/maintainer: please double-check if we can move it to C3.

Comment 2 Christian Ruppert (idl0r) 2012-10-10 20:12:29 UTC

9.9.1-P4 and 9.9.2 have been added but please stabilize bind-9.9.1_p4 for now.

Comment 3 Sean Amoss (RETIRED) 2012-10-10 21:56:58 UTC

(In reply to comment #2)
> 9.9.1-P4 and 9.9.2 have been added but please stabilize bind-9.9.1_p4 for
> now.

Thanks, Christian.

Arches, please test and mark stable.

Comment 4 Jeroen Roovers (RETIRED) 2012-10-11 13:38:32 UTC

Stable for HPPA.

Comment 5 Andreas Schürch 2012-10-11 13:56:35 UTC

x86 done.

Comment 6 Agostino Sarubbo 2012-10-11 14:23:20 UTC

amd64 stable

Comment 7 Anthony Basile 2012-10-11 22:31:30 UTC

stable ppc ppc64

Comment 8 Raúl Porcel (RETIRED) 2012-10-13 16:59:26 UTC

alpha/arm/ia64/s390/sh/sparc stable

Comment 9 GLSAMaker/CVETool Bot 2012-10-13 20:43:27 UTC

CVE-2012-5166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166):
  ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4,
  and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to
  cause a denial of service (named daemon hang) via unspecified combinations
  of resource records.

Comment 10 Sean Amoss (RETIRED) 2012-10-15 00:57:56 UTC

Thanks, everyone.

GLSA vote: yes.

Comment 11 Stefan Behte (RETIRED) 2012-12-16 21:52:06 UTC

Vote: yes. Added to existing GLSA request.

Comment 12 GLSAMaker/CVETool Bot 2014-01-29 22:52:42 UTC

This issue was resolved and addressed in
 GLSA 201401-34 at http://security.gentoo.org/glsa/glsa-201401-34.xml
by GLSA coordinator Sean Amoss (ackle).