File bind-CVE-2015-1349.patch of Package bind

--- a/lib/dns/zone.c	
+++ a/lib/dns/zone.c	
@@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
 					     namebuf, tag);
 				trustkey = ISC_TRUE;
 			}
+		} else {
+			/*
+			 * No previously known key, and the key is not
+			 * secure, so skip it.
+			 */
+			continue;
 		}
 
 		/* Delete old version */
@@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
 			trust_key(zone, keyname, &dnskey, mctx);
 		}
 
-		if (!deletekey) {
+		if (secure && !deletekey) {
 			INSIST(newkey || updatekey);
 			set_refreshkeytimer(zone, &keydata, now);
 		}