Bug 10437

Summary: bind new security issue CVE-2013-3919
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Oden Eriksson <oe>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: bind-9.9.2.P2-2.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-06-05 13:43:22 CEST 
Upstream has issued an advisory on June 4:
https://kb.isc.org/article/AA-00967

The issue is fixed in 9.9.3-P1:
https://kb.isc.org/article/AA-00970

Oden has built updated packages for Mageia 2, Mageia 3, and Cauldron.

Oden, is this ready for QA?

Packages built:
bind-9.9.3.P1-1.mga2
bind-sdb-9.9.3.P1-1.mga2
bind-utils-9.9.3.P1-1.mga2
bind-devel-9.9.3.P1-1.mga2
bind-doc-9.9.3.P1-1.mga2
bind-9.9.3.P1-1.mga3
bind-sdb-9.9.3.P1-1.mga3
bind-utils-9.9.3.P1-1.mga3
bind-devel-9.9.3.P1-1.mga3
bind-doc-9.9.3.P1-1.mga3

from SRPMS:
bind-9.9.3.P1-1.mga2.src.rpm
bind-9.9.3.P1-1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2013-06-05 13:43:28 CEST

Whiteboard: (none) => MGA2TOO

Comment 1 Oden Eriksson 2013-06-05 15:03:37 CEST 
No need to because:

"Versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2 ARE NOT affected."

I added 9.9.3-P1 as a proposed maintenance update because I already did the work for some other usage.
Comment 2 David Walser 2013-06-05 16:44:01 CEST 
Thanks Oden.

So that'll save us work in the future for the next time we do need to update it.

Changing version to Cauldron and marking FIXED as of bind-9.9.3.P1-1.mga4.

Status: NEW => RESOLVED
Version: 3 => Cauldron
Resolution: (none) => FIXED
Whiteboard: MGA2TOO => (none)