This patch was derived from ISC source differences between bind-9.10.3-P2 and bind-9.10.3-P3
diff -r f899dcaa07f7 CHANGES
--- a/CHANGES Fri Jan 15 12:48:27 2016 +0000
+++ b/CHANGES Fri Jan 15 13:12:34 2016 +0000
@@ -1,3 +1,8 @@
+ --- 9.6-ESV-R11-P5 released ---
+
+4285. [security] Specific APL data could trigger a INSIST.
+ (CVE-2015-8704) [RT #41396]
+
--- 9.6-ESV-R11-P4 released ---
4260. [security] Insufficient testing when parsing a message allowed
diff -r f899dcaa07f7 lib/dns/rdata/in_1/apl_42.c
--- a/lib/dns/rdata/in_1/apl_42.c Fri Jan 15 12:48:27 2016 +0000
+++ b/lib/dns/rdata/in_1/apl_42.c Fri Jan 15 13:12:34 2016 +0000
@@ -116,7 +116,7 @@
isc_uint8_t len;
isc_boolean_t neg;
unsigned char buf[16];
- char txt[sizeof(" !64000")];
+ char txt[sizeof(" !64000:")];
const char *sep = "";
int n;
@@ -140,7 +140,7 @@
isc_region_consume(&sr, 1);
INSIST(len <= sr.length);
n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
- neg ? "!": "", afi);
+ neg ? "!" : "", afi);
INSIST(n < (int)sizeof(txt));
RETERR(str_totext(txt, target));
switch (afi) {
diff -r f899dcaa07f7 version
--- a/version Fri Jan 15 12:48:27 2016 +0000
+++ b/version Fri Jan 15 13:12:34 2016 +0000
@@ -10,4 +10,4 @@
PATCHVER=
RELEASETYPE=-ESV
RELEASEVER=-R11
-EXTENSIONS=-P4
+EXTENSIONS=-P5