--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/patches/005-RT9522.patch Wed Jan 20 16:41:39 2016 +0000
@@ -0,0 +1,44 @@
+This patch was derived from ISC source differences between bind-9.10.3-P2 and bind-9.10.3-P3
+
+diff -r f899dcaa07f7 CHANGES
+--- a/CHANGES Fri Jan 15 12:48:27 2016 +0000
++++ b/CHANGES Fri Jan 15 13:12:34 2016 +0000
+@@ -1,3 +1,8 @@
++ --- 9.6-ESV-R11-P5 released ---
++
++4285. [security] Specific APL data could trigger a INSIST.
++ (CVE-2015-8704) [RT #41396]
++
+ --- 9.6-ESV-R11-P4 released ---
+
+ 4260. [security] Insufficient testing when parsing a message allowed
+diff -r f899dcaa07f7 lib/dns/rdata/in_1/apl_42.c
+--- a/lib/dns/rdata/in_1/apl_42.c Fri Jan 15 12:48:27 2016 +0000
++++ b/lib/dns/rdata/in_1/apl_42.c Fri Jan 15 13:12:34 2016 +0000
+@@ -116,7 +116,7 @@
+ isc_uint8_t len;
+ isc_boolean_t neg;
+ unsigned char buf[16];
+- char txt[sizeof(" !64000")];
++ char txt[sizeof(" !64000:")];
+ const char *sep = "";
+ int n;
+
+@@ -140,7 +140,7 @@
+ isc_region_consume(&sr, 1);
+ INSIST(len <= sr.length);
+ n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+- neg ? "!": "", afi);
++ neg ? "!" : "", afi);
+ INSIST(n < (int)sizeof(txt));
+ RETERR(str_totext(txt, target));
+ switch (afi) {
+diff -r f899dcaa07f7 version
+--- a/version Fri Jan 15 12:48:27 2016 +0000
++++ b/version Fri Jan 15 13:12:34 2016 +0000
+@@ -10,4 +10,4 @@
+ PATCHVER=
+ RELEASETYPE=-ESV
+ RELEASEVER=-R11
+-EXTENSIONS=-P4
++EXTENSIONS=-P5