From: Evan Hunt Date: Mon, 13 Jan 2014 22:54:22 +0000 (-0800) Subject: [v9_6] add CVE details; marked 3656 as [security] X-Git-Tag: v9.6-ESV-R11rc2~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce6c30a3cd8d67dc89b61e2a92e98a6adb3a6e27;p=thirdparty%2Fbind9.git [v9_6] add CVE details; marked 3656 as [security] --- diff --git a/CHANGES b/CHANGES index 62c77f6f90e..d466baae137 100644 --- a/CHANGES +++ b/CHANGES @@ -12,7 +12,8 @@ 3693. [security] memcpy was incorrectly called with overlapping ranges resulting in malformed names being generated on some platforms. This could cause INSIST failures - when serving NSEC3 signed zones. [RT #35120] + when serving NSEC3 signed zones (CVE-2014-0591). + [RT #35120] 3692. [bug] Two calls to dns_db_getoriginnode were fatal if there was no data at the node. [RT #35080] @@ -55,8 +56,10 @@ 3658. [port] linux: Address platform specific compilation issue when libcap-devel is installed. [RT #34838] -3656. [bug] Treat an all zero netmask as invalid when generating - the localnets acl. [RT #34687] +3656. [security] Treat an all zero netmask as invalid when generating + the localnets acl. (The prior behavior could + allow unexpected matches when using some versions + of Winsock: CVE-2013-6320.) [RT #34687] 3655. [cleanup] Simplify TCP message processing when requesting a zone transfer. [RT #34825] diff --git a/README b/README index 7d85bd1e1c9..cc39bda24f5 100644 --- a/README +++ b/README @@ -51,8 +51,9 @@ BIND 9 BIND 9.6-ESV-R11 (Extended Support Version) BIND 9.6-ESV-R11 is a maintenance release, fixing bugs in - BIND 9.6-ESV-R10, and also includes the following functional - enhancement: + BIND 9.6-ESV-R10, and patches the security flaws described + in CVE-2013-6320 and CVE-2014-0591. It also includes the + following functional enhancement: - "named" now preserves the capitalization of names when responding to queries.