CentOS - Nov 2011 - Bind9 zero day bug - CVE-2011-4313 - when will there be an update in Centos 5+6 ?

Hi.

http://www.debian.org/security/2011/dsa-2347

There is updated packages for Debian (and Ubuntu) already.

Do you know how long until Centos release an update to bind ?

I have looked here and couldn't see any info  -
http://lists.centos.org/pipermail/centos-announce/2011-November/thread.html

- Is this the correct place to look for security update info ?

Cheers !

On Fri, Nov 18, 2011 at 09:47:45AM +0000, Morgan Cox
wrote:
> Hi.
> 
> http://www.debian.org/security/2011/dsa-2347
> 
> There is updated packages for Debian (and Ubuntu) already.
> 
> Do you know how long until Centos release an update to bind ?
they are already released 4/5 in updates and 6/CR
but the announces are just not sent yet. We also need time to sleep ;)

Tru
-- 
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20111118/68efc53e/attachment.sig>

On Friday, November 18, 2011 05:47 PM, Morgan Cox wrote:
> Hi.
>
> http://www.debian.org/security/2011/dsa-2347
>
> There is updated packages for Debian (and Ubuntu) already.
>
> Do you know how long until Centos release an update to bind ?
>
> I have looked here and couldn't see any info  -
> http://lists.centos.org/pipermail/centos-announce/2011-November/thread.html
>
> - Is this the correct place to look for security update info ?
>    
[09:28:22] <Jeff_S> pj: 
http://ftp-osl.osuosl.org/pub/centos/6/cr/x86_64/RPMS/bind-9.7.3-2.el6_1.P3.3.x86_64.rpm
was already pushed to CR

That was about 8 and a half hours ago.

It's out for c5 too according to pj.

Hi

That's good to hear

Thank you to everybody who works on this project !

regards




On 18 November 2011 09:55, Tru Huynh <tru at centos.org> wrote:
> On Fri, Nov 18, 2011 at 09:47:45AM +0000, Morgan Cox wrote:
> > Hi.
> >
> > http://www.debian.org/security/2011/dsa-2347
> >
> > There is updated packages for Debian (and Ubuntu) already.
> >
> > Do you know how long until Centos release an update to bind ?
> they are already released 4/5 in updates and 6/CR
> but the announces are just not sent yet. We also need time to sleep ;)
>
> Tru
> --
> Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

Hi!


http://ftp.iij.ad.jp/pub/linux/centos/5.7/updates/x86_64/RPMS/


There is not yet the announcement, but the package seems to become latest


?iij repository
bind-9.3.6-16.P1.el5_7.1.x86_64.rpm	18-Nov-2011 08:08 	1.0M

?RHEL
http://rhn.redhat.com/errata/RHSA-2011-1458.html

bind-9.3.6-16.P1.el5_7.1.x86_64.rpm


## Wakaba Hirose

Morgan Cox <morgancoxuk at gmail.com>???
> Hi.
> 
> http://www.debian.org/security/2011/dsa-2347
> 
> There is updated packages for Debian (and Ubuntu) already.
> 
> Do you know how long until Centos release an update to bind ?
> 
> I have looked here and couldn't see any info  -
> http://lists.centos.org/pipermail/centos-announce/2011-November/thread.html
> 
> - Is this the correct place to look for security update info ?
> 
> Cheers !
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Hello Morgan,

On Fri, 2011-11-18 at 09:47 +0000, Morgan Cox wrote:
> http://www.debian.org/security/2011/dsa-2347
> - Is this the correct place to look for security update info ?
The first place to look would be
https://www.redhat.com/mailman/listinfo/enterprise-watch-list . If
upstream doesn't have a fix neither has CentOS.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research