sorry to ruin several of your evenings...
Paul A Vixie
vixie at mfnx.net
Sun Jan 28 18:02:46 UTC 2001
> Without being aware of what your disclosure policies are, I'll go ahead
> and ask... what are the flaws, and are they also in 8.2.2-p7?
if 8.2.2-P7 were safe, you can bet that the warning ("don't run anything
earlier") would have come with 8.2.2-P7.
> I don't see anything at:
>
> http://www.isc.org/products/BIND/bind-security.html
>
> that mentions p7. Sure, I could diff a bunch of stuff...
you can bet that dozens of kiddies all over the world are diffing stuff.
maybe you'll be faster than them, find the specific problem, develop a patch
that's different from "install 8.2.3", and deploy it before you're hit.
> Sorry to bring this to NANOG, but it's a bit more appropriate than gabbing
> about what a root server is. Also, note that Bugtraq is gone until
> Monday, so there'll be no talk of this there.
there are several major announcements planned for monday. ISC wanted to get
the new code on the street soon enough to give people a running head start at
upgrading. (the root name servers were all done last week, for example.)
More information about the NANOG
mailing list