Update to the latest patch level from ISC:

BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
  vulnerable to a software defect that allows a crafted query to
  crash the server with a REQUIRE assertion failure.  Remote
  exploitation of this defect can be achieved without extensive
  effort, resulting in a denial-of-service (DoS) vector against
  affected servers.

Security:	2892a8e2-3d68-11e2-8e01-0800273fe665
		CVE-2012-5688
Feature safe:	yes

dns/bind98/Makefile

@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bind98
-PORTVERSION=	9.8.4
+PORTVERSION=	9.8.4.1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
@@ -11,7 +11,7 @@ MAINTAINER=	erwin@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.8.4
+ISCVERSION=	9.8.4-P1
 
 MAKE_JOBS_UNSAFE=	yes
 

dns/bind98/distinfo

@@ -1,4 +1,2 @@
-SHA256 (bind-9.8.4.tar.gz) = fdc378b04af99ed3a4cb82a4b0142fdd751fda568e1f7c7e95eab16ef63cac84
-SIZE (bind-9.8.4.tar.gz) = 7141026
-SHA256 (bind-9.8.4.tar.gz.asc) = dfe508f85143823d024dd4759a36a9a5298c0948fd783679d0f42a557e3663af
-SIZE (bind-9.8.4.tar.gz.asc) = 490
+SHA256 (bind-9.8.4-P1.tar.gz) = 60c979575bf6288570cb4e3e9ab9d99bb93a55d2a4946ce277f6e6e642dda21f
+SIZE (bind-9.8.4-P1.tar.gz) = 7129321

dns/bind99/Makefile

@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	bind99
-PORTVERSION=	9.9.2
+PORTVERSION=	9.9.2.1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC}
 MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
@@ -11,7 +11,7 @@ MAINTAINER=	erwin@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.9.2
+ISCVERSION=	9.9.2-P1
 
 MAKE_JOBS_UNSAFE=	yes
 

dns/bind99/distinfo

@@ -1,4 +1,2 @@
-SHA256 (bind-9.9.2.tar.gz) = 7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48
-SIZE (bind-9.9.2.tar.gz) = 7285050
-SHA256 (bind-9.9.2.tar.gz.asc) = d759edfd7c69bdc037e368d3e52a508a1ccc3e5d5e95ead62b461afdb24729d9
-SIZE (bind-9.9.2.tar.gz.asc) = 490
+SHA256 (bind-9.9.2-P1.tar.gz) = 4bce7c020402623333b655be5167ae8c52f30a6bfe9750caa3ab70da7d90219c
+SIZE (bind-9.9.2-P1.tar.gz) = 7277498

security/vuxml/vuln.xml

@@ -51,6 +51,48 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="2892a8e2-3d68-11e2-8e01-0800273fe665">
+    <topic>dns/bind9* -- servers using DNS64 can be crashed by a crafted query</topic>
+    <affects>
+      <package>
+	<name>bind99</name>
+	<range><lt>9.9.2.1</lt></range>
+      </package>
+      <package>
+	<name>bind99-base</name>
+	<range><lt>9.9.2.1</lt></range>
+      </package>
+      <package>
+	<name>bind98</name>
+	<range><lt>9.8.4.1</lt></range>
+      </package>
+      <package>
+	<name>bind98-base</name>
+	<range><lt>9.8.4.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="https://kb.isc.org/article/AA-00828">
+	  <p>BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
+  	     vulnerable to a software defect that allows a crafted query to
+	     crash the server with a REQUIRE assertion failure.  Remote
+	     exploitation of this defect can be achieved without extensive
+  	     effort, resulting in a denial-of-service (DoS) vector against
+  	     affected servers.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2012-5688</cvename>
+    </references>
+    <dates>
+      <discovery>2012-11-27</discovery>
+      <entry>2012-12-04</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f524d8e0-3d83-11e2-807a-080027ef73ec">
     <topic>bogofilter -- heap corruption by invalid base64 input</topic>
     <affects>