[DESCRIBE CHANGES] - Fixing a vulnerability - Using the update to fix my email address since I quit ISNIC a long time ago (see dns/nsd history) We have released version 3.2.2. of NSD. This is *critical* bugfix release. One of the bugs is a one-byte buffer overflow that allows a carefully crafted exploit to take down your name-server. It is highly unlikely that the one-byte-off issue can lead to other (system) exploits. The bug affects all version of NSD 2.0.0 to 3.2.1. Whether the bug can be exploited to depends on various aspects of the OS and is therefore distribution and compiler dependent. For more information: http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html We strongly recommend you to update your systems to the latest version. If you have reasons for not running the latest version of NSD, we strongly advise you to at least apply the patch that resolves the critical bug. Added file(s): - files/patch-vuln
Class Changed From-To: maintainer-update->change-request Fix category (submitter is not maintainer) (via the GNATS Auto Assign Tool)
Maintainer of dns/nsd2, Please note that PR ports/134700 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134700 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Responsible Changed From-To: freebsd-ports-bugs->wxs I'll take it.
wxs 2009-05-19 17:16:14 UTC FreeBSD ports repository Modified files: dns/nsd2 Makefile Added files: dns/nsd2/files patch-vuln Log: - Fix a one-byte buffer overflow (vuxml entry coming shortly). - Update maintainers address. PR: ports/134700 Submitted by: Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer) Revision Changes Path 1.6 +2 -1 ports/dns/nsd2/Makefile 1.1 +13 -0 ports/dns/nsd2/files/patch-vuln (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->closed Committed. Thanks!