From: Tinderbox User Date: Thu, 8 Feb 2018 22:22:04 +0000 (+0000) Subject: regen v9_12 X-Git-Tag: v9.12.1b1~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c95fa1c87d3b81d8711eff7159aa345b26ddad0;p=thirdparty%2Fbind9.git regen v9_12 --- diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index d75ffaf633e..94a6f4fbb5b 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -79,26 +79,15 @@

Security Fixes

-
    -
  • -

    - Addresses could be referenced after being freed during resolver - processing, causing an assertion failure. The chances of this - happening were remote, but the introduction of a delay in - resolution increased them. This bug is disclosed in - CVE-2017-3145. [RT #46839] -

    -
    • -
  • +

    • update-policy rules that otherwise ignore the name field now require that it be set to "." to ensure that any type list - present is properly interpreted. If the name field was omitted - from the rule declaration and a type list was present it wouldn't - be interpreted as expected. + present is properly interpreted. Previously, if the name field + was omitted from the rule declaration but a type list was + present, it wouldn't be interpreted as expected.

      -
      • -
    +
@@ -126,11 +115,9 @@

  • - Attempting to validate improperly unsigned CNAME responses - from secure zones could cause a validator loop. This caused - a delay in returning SERVFAIL and also increased the chances - of encountering the crash bug described in CVE-2017-3145. - [RT #46839] + named could crash when acting as a slave for a + catalog zone if zone contained a master definition without an IP + address. [RT #45999]

    • diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf index a95b9e4a1e7..aad67ba52fe 100644 Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ diff --git a/doc/arm/notes.html b/doc/arm/notes.html index c2e893a57cb..69ff4e66637 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -43,26 +43,15 @@

    Security Fixes

    -
      -
    • -

      - Addresses could be referenced after being freed during resolver - processing, causing an assertion failure. The chances of this - happening were remote, but the introduction of a delay in - resolution increased them. This bug is disclosed in - CVE-2017-3145. [RT #46839] -

      -
      • -
    • +

      • update-policy rules that otherwise ignore the name field now require that it be set to "." to ensure that any type list - present is properly interpreted. If the name field was omitted - from the rule declaration and a type list was present it wouldn't - be interpreted as expected. + present is properly interpreted. Previously, if the name field + was omitted from the rule declaration but a type list was + present, it wouldn't be interpreted as expected.

        -
        • -
      +
    @@ -90,11 +79,9 @@

  • - Attempting to validate improperly unsigned CNAME responses - from secure zones could cause a validator loop. This caused - a delay in returning SERVFAIL and also increased the chances - of encountering the crash bug described in CVE-2017-3145. - [RT #46839] + named could crash when acting as a slave for a + catalog zone if zone contained a master definition without an IP + address. [RT #45999]

    • diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf index 8335e9b7a81..e0fad26ddf5 100644 Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ