bind: bump to 9.16.37
Fixes multiple CVEs. Upstream changelog is
https://ftp.isc.org/isc/bind9/9.16.37/CHANGES
CVEs fixed:
CVE-2022-3924: Fix serve-stale crash when recursive clients soft quota
is reached.
CVE-2022-3736: Handle RRSIG lookups when serve-stale is active.
CVE-2022-3094: An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>