--- - branch: pkgsrc-2017Q1 date: Thu Apr 13 11:29:32 UTC 2017 files: - new: 1.31.2.1 old: '1.31' path: pkgsrc/net/bind910/Makefile pathrev: pkgsrc/net/bind910/Makefile@1.31.2.1 type: modified - new: 1.22.2.1 old: '1.22' path: pkgsrc/net/bind910/distinfo pathrev: pkgsrc/net/bind910/distinfo@1.22.2.1 type: modified id: 20170413T112932Z.0df3ea30f89496ef46f33da67cb3d25e8814c0b8 log: "Pullup ticket #5272 - requested by taca\nnet/bind910: security fix\n\nRevisions pulled up:\n- net/bind910/Makefile 1.32\n- net/bind910/distinfo 1.23\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tThu Apr 13 01:52:42 UTC 2017\n\n \ Modified Files:\n \tpkgsrc/net/bind910: Makefile distinfo\n\n Log Message:\n \ Update bind910 to 9.10.4pl8 (BIND 9.10.4-P8).\n\n Quote from release announce:\n\n \ BIND 9.10.4-P8 addresses the security issues described in\n CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the\n built-in trusted keys for the root zone.\n\n From CHANGELOG:\n\n \t--- 9.10.4-P8 released ---\n\n \ 4582.\t[security]\t'rndc \"\"' could trigger a assertion failure in named.\n \ \t\t\t(CVE-2017-3138) [RT #44924]\n\n 4580.\t[bug]\t\t4578 introduced a regression when handling CNAME to\n \t\t\treferral below the current domain. [RT #44850]\n\n \ \t--- 9.10.4-P7 released ---\n\n 4578.\t[security]\tSome chaining (CNAME or DNAME) responses to upstream\n \t\t\tqueries could trigger assertion failures.\n \ \t\t\t(CVE-2017-3137) [RT #44734]\n\n 4575.\t[security]\tDNS64 with \"break-dnssec yes;\" can result in an\n \t\t\tassertion failure. (CVE-2017-3136) [RT #44653]\n\n \ 4564.\t[maint]\t\tUpdate the built in managed keys to include the\n \t\t\tupcoming root KSK. [RT #44579]\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2017Q1] pkgsrc/net/bind910' unixtime: '1492082972' user: bsiegert