From ${URL} : Today ISC disclosed three vulnerabilities affecting multiple versions of BIND. Full details on versions affected and more information about the vulnerabilities are available via these articles in the ISC Knowledge Base: CVE-2018-5744: A specially crafted packet can cause named to leak memory https://kb.isc.org/docs/cve-2018-5744 CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when a server is using managed-keys https://kb.isc.org/docs/cve-2018-5745 CVE-2019-6465: Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. https://kb.isc.org/docs/cve-2019-6465 New software versions are available from the ISC downloads page: https://www.isc.org/downloads With the public disclosure of these vulnerabilities, parties which had been given advance notice concerning them are released from non-disclosure and packagers and redistributors are encouraged to publish updated packages containing fixes. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
bind-9.12.3_p4 and bind-tools-9.12.3_p4 have just been added but not yet tested
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Feel free to stabilize bind-9.12.3_p4 and bind-tools-9.12.3_p4
@arches, please stabilize.
amd64 stable
alpha stable
ppc64 stable
x86 stable
ppc stable
arm stable
sparc stable
ia64 stable
hppa stable
Also cleaned old. GLSA vote: no.
