On 1/29/07, Lubomir Kundrak <lkundrak@xxxxxxxxxx> wrote:
Hi Stephen,

On Pi, 2007-01-26 at 18:20 -0700, Stephen John Smoogen wrote:
> --- 9.3.4 released ---
>
> 2126. [security] Serialise validation of type ANY responses. [RT #16555]
>
> 2124. [security] It was possible to dereference a freed fetch
> context. [RT #16584]

There is a bug open in bugzilla for this update. See #224443 [1]. Unfortunately, there is too little information to find out why update 2126 is a security issue, and why ISC did not issue an advisory for it.

*Sigh* ISC is not good at providing usable information.
Yeah.. the story I have heard multiple times is, people pay ISC for support then get better answers on the newsgroups from ISC people. There was some discussion on ISC this weekend about it with CVE numbers which probably tell even less :).

http://isc.sans.org/diary.html?storyid=2129
[1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224443

Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"