[CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

Wed Feb 23 19:28:15 UTC 2011
Trutwin, Joshua <JTRUTWIN at CSBSJU.EDU>

> Please take off the blinders and realize there are lots of folks (some x% of a
> million or more) on this list who compile from current source in order to
> minimize their risks and are therefore the subject audience.
> 
> On the one hand, you have Paul Vixie and crew (authors of BIND) and
> US_CERT saying "US-CERT encourages users and administrators using the
> affected versions of BIND to upgrade to BIND 9.7.3."  On the other hand, you
> have "don't bother me with reality, I'm comfortable, am not affected and
> don't want to read messages to those who are affected."

I've only been subscribed here a week and this topic seems very heated, so sorry if this stirs the pot up again, but don't patches for these things get back-ported?  So even if you're running bind v9.5.1 on CentOS/upstream 4/5.x you'd still have security fixes like those in this article backported right?

And yeah I suppose rolling your own is always an option but in my experience it's to easy to get behind.  This seems more like a Slackware approach tho, nothing against Slack of course!

Josh