bind9: CVE-2018-5743

To: debian-security@lists.debian.org
Subject: bind9: CVE-2018-5743
From: Markus Wollny <markus.wollny@gmail.com>
Date: Thu, 9 May 2019 09:33:28 +0200
Message-id: <[🔎] CAObvaLkoqTVG5OdsArR94kmM2zg88r6LpVeMysj_euWYugH8ng@mail.gmail.com>

Hello,

Is there an ETA on the fix for this bind9 vulnerability to be
available for Debian Stretch yet?

https://security-tracker.debian.org/tracker/CVE-2018-5743 says that
the stable branch is still vulnerable (fixed in buster/sid only), even
though the Debian bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927932 is already
marked as closed.

I admit I am not all too familiar with usual Debian security
procedures in such cases, but as the bug is rated with a severity
rating of grave and it's now two weeks since the public disclosure, I
am starting to feel a little worried.

Kind regards

  Markus

Reply to:

Follow-Ups:
- Re: bind9: CVE-2018-5743
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: bind9: CVE-2018-5743
  - From: "Shaun Bugler - Hetzner (Pty) Ltd" <sb@hetzner.co.za>

Next by Date: Re: bind9: CVE-2018-5743
Next by thread: Re: bind9: CVE-2018-5743
Index(es):
- Date
- Thread