- Fix CVE-2016-9147 (ISC change 4510)
- Fix regression introduced by CVE-2016-8864 (ISC change 4530)

- Fix CVE-2016-8864

- Fix CVE-2016-2848

- Fix CVE-2016-2776

- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite

- Fix CVE-2015-8704

- Fix CVE-2015-8000

- Fix CVE-2015-5722

- Fix CVE-2015-5477

- Remove files backup after patching (Related: #1171971)

- fix race condition in socket module

- fix CVE-2012-5166

- bind-chroot-admin: set correct permissions on /etc/named.conf during update

- fix CVE-2012-3817

- fix CVE-2012-1667 and CVE-2012-1033

- zone->curmaster before return in dns_zone_setmasterswithkeys()
- named could fail to send a uncompressable zone

- fix DOS against recursive servers (#754398)

- fixes for CVE-2010-3762, CVE-2010-3613 and CVE-2010-3614

- fixes for CVE-2010-3762, CVE-2010-3613 and CVE-2010-3614

- NSEC validation code could cause wrong NXDOMAIN responses (#554851,
  CVE-2010-0097)
- improve fix for CVE-2009-4022 (#538744)
  - {C,D}NAMEs could be returned to clients without proper DNSSEC validation
  - don't validate + cache out-of-bailiwick data returned with a secure answer.
    Refetch it instead.

- don't cache unvalidated additional sections (#538744)

- fix CVE-2009-0696 (#514292)

- fix named_sdb as well (CVE-2009-0696, #514292)

- security fix for remote DoS (CVE-2009-0696, #514292)

- handle unknown DLV algorithms well (#504794)

- check DSA_do_verify return value correctly

- check DSA_do_verify return value correctly

- remove query-source{,-v6} option from caching-nameserver.conf (#454852)

- CVE-2008-1447