Code review comment for ~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge

Bryce Harrington (bryce) wrote :

* Verified all items in Remaining Changes still present in debdiff
* Verified Maintainer
* No changes outside debian/
* In lxc tested installation, uninstallation, and purge
* Ran autopkgtests:
  - - - - - - - - - - results - - - - - - - - - -
  simpletest PASS
  autopkgtest [02:15:41]: @@@@@@@@@@@@@@@@@@@@ summary
  simpletest PASS

* Verified version matches what's in Debian unstable, although newer version in Debian new:
  bind9 | 1:9.11.5.P4+dfsg-5 | testing | source, amd64, ...
  bind9 | 1:9.11.5.P4+dfsg-5 | unstable | source, amd64, ...
  bind9 | 1:9.11.6+dfsg-1 | new | source, amd64

* I verified we have the CVEs mentioned for 9.11.6 and 9.11.7:

  9.11.6:
  - https://ftp.isc.org/isc/bind/9.11.6/RELEASE-NOTES-bind-9.11.6.html
  - CVE-2018-5740 √
  - CVE-2018-5738 √
  - CVE-2018-5745 √
  - CVE-2018-5744 √
  - CVE-2019-6465 √
  - https://ftp-master.debian.org/new/bind9_1:9.11.6+dfsg-1.html
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923984

  9.11.7:
  - https://ftp.isc.org/isc/bind/9.11.7/RELEASE-NOTES-bind-9.11.7.html
  - Fixes CVE-2018-5743 √

  Debian's CVE status is here:
  - https://security-tracker.debian.org/tracker/source-package/bind9

* We're missing one CVE that is provided in the latest upstream bind9:
  9.11.8:
  - https://ftp.isc.org/isc/bind/9.11.8/RELEASE-NOTES-bind-9.11.8.html
  - https://gitlab.isc.org/isc-projects/bind9/commit/7dfef18b05bd5ccd5b17f841212caf152b16c7d3
  - Fixes CVE-2019-6471

Aside from CVEs, I didn't look at what else is changed in the newer upstream versions, but .7 and .8 look fairly minor, and Debian has probably cherry-picked all the valuables from .6.

So, apart from the one outstanding CVE (which might be nice to include but perhaps OK to leave for followup), the package looks good, so I'll give it my +1.

review: Approve
