named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV
before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly
determine the security status of an NS RRset during a DNSKEY algorithm
rollover, which might allow remote attackers to cause a denial of service
(DNSSEC validation error) by triggering a rollover.
Updated: 2015-07-29 20:38:58 UTC (commit 9756)