Change log for bind9 package in Debian
| 76 → 150 of 234 results | First • Previous • Next • Last |
bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
* Non-maintainer upload.
* move item_out test inside lock in dns_dispatch_getnext() (CVE-2019-6471)
(Closes: #930746)
-- Salvatore Bonaccorso <email address hidden> Fri, 21 Jun 2019 11:24:31 +0200
bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium
* AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.
Thanks to Steven Monai (Closes: 928398)
-- Bernhard Schmidt <email address hidden> Fri, 03 May 2019 19:44:57 +0200
| Superseded in sid-release |
bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium
[ Bernhard Schmidt ]
* AppArmor: Also add /var/lib/samba/bind-dns/dns/** (Closes: #927827)
[ Ondřej Surý ]
* [CVE-2018-5743]: Limiting simultaneous TCP clients is ineffective
(Closes: #927932)
* Update symbols file for new symbol in libisc
* Enable EDDSA again, but disable broken Ed448 support (Closes: #927962)
-- Ondřej Surý <email address hidden> Fri, 26 Apr 2019 08:33:13 +0000
bind9 (1:9.11.5.P4+dfsg-3) unstable; urgency=medium
* More fixes to the AppArmor policy for Samba AD DLZ
- allow access to /dev/urandom
- allow locking for dns.keytab
- fix path to smb.conf
-- Bernhard Schmidt <email address hidden> Mon, 22 Apr 2019 22:31:06 +0200
| Superseded in sid-release |
bind9 (1:9.11.5.P4+dfsg-2) unstable; urgency=medium
[ Ondřej Surý ]
* Update d/gbp.conf for Debian Buster
[ Bernhard Schmidt ]
* Cherry-Pick upstream commit to prevent dnssec-keymgr from immediately
expiring and deleting old DNSSEC keys when being run for the first
time (Closes: #923984)
* Update AppArmor policy for Samba AD DLZ
- Add changed default location for named.conf
- Allow read/mmap on some Samba libraries
Thanks to Steven Monai (Closes: #920530)
[ Andreas Beckmann ]
* bind9.preinst: cope with ancient conffile named.conf.options
(Closes: #905177)
-- Bernhard Schmidt <email address hidden> Tue, 02 Apr 2019 21:12:50 +0200
bind9 (1:9.11.5.P4+dfsg-1) unstable; urgency=high
[ Bernhard Schmidt ]
* New upstream version 9.11.5.P4+dfsg
- CVE-2018-5744: A specially crafted packet can cause named to leak memory
- CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over
to an unsupported key algorithm when using managed-keys
- CVE-2019-6465: Controls for zone transfers might not be properly applied
to Dynamically Loadable Zones (DLZs) if the zones are writable.
* d/watch: Do not use beta or RC versions
* d/libdns1104.symbols: fix symbols-file-contains-debian-revision for dnstap
symbols
[ Ondřej Surý ]
* Add new upstream GPG signing-key
-- Bernhard Schmidt <email address hidden> Fri, 22 Feb 2019 17:54:10 +0100
bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium
[ Dominik George ]
* Support dyndb modules with apparmor. (Closes: #900879)
[ Bernhard Schmidt ]
* apparmor-policy: permit locking of the allow-new-zones database
(Closes: #922065)
* apparmor-policy: allow access to Samba DLZ files (Closes: #920530)
-- Bernhard Schmidt <email address hidden> Tue, 12 Feb 2019 00:34:21 +0100
bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium * New upstream version 9.11.5.P1+dfsg -- Ondřej Surý <email address hidden> Tue, 18 Dec 2018 13:59:25 +0000
bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium * Use <email address hidden> as Maintainer address * New upstream version 9.11.5+dfsg * Add EXTENSIONS= to version file programmatically, not with the patch * Rebase patches for BIND 9.11.5 * Adjust package names for new SONAMEs -- Ondřej Surý <email address hidden> Mon, 22 Oct 2018 10:30:28 +0000
bind9 (1:9.11.4.P2+dfsg-3) unstable; urgency=medium
* Also avoid OpenSSL 1.1.1 in udebs.
Thanks to KiBi for the hint
* autopkgtest: Make an external query and check for DNSSEC
-- Bernhard Schmidt <email address hidden> Wed, 26 Sep 2018 11:21:35 +0200
| Superseded in sid-release |
bind9 (1:9.11.4.P2+dfsg-2) unstable; urgency=medium * Temporarily disable EDDSA to relax OpenSSL version requirement -- Bernhard Schmidt <email address hidden> Mon, 24 Sep 2018 11:08:15 +0200
| Superseded in sid-release |
bind9 (1:9.11.4.P2+dfsg-1) unstable; urgency=medium [ Bernhard Schmidt ] * Add a very simple autopkgtest (dig @127.0.0.1) [ Ondřej Surý ] * New upstream version 9.11.4.P2+dfsg * Rebase patches for BIND 9.11.4-P2 -- Ondřej Surý <email address hidden> Mon, 10 Sep 2018 08:36:06 +0000
| Superseded in sid-release |
bind9 (1:9.11.4.P1+dfsg-1) unstable; urgency=medium
[ Timo Aaltonen ]
* skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
crashing on startup. (LP: #1769440)
[ Bernhard Schmidt ]
* Add gbp.conf for pristine-tar usage
* d/watch: Properly deal with -P patch releases
[ Ondřej Surý ]
* Don't fail to start if /etc/default/bind9 doesn't exist
* New upstream version 9.11.4.P1+dfsg
* Rebase patches for BIND 9.11.4-P1
* Add new dst__openssleddsa_init optional symbol (it depends on OpenSSL version) (Closes: #897643)
* Put aside named.conf.option from stretch when upgrading (Closes: #905177)
-- Ondřej Surý <email address hidden> Fri, 31 Aug 2018 09:53:27 +0000
bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium * Brown-paper-bag release :-( * Fix missing colon in AppArmor profile (Closes: #904983) -- Bernhard Schmidt <email address hidden> Mon, 30 Jul 2018 16:28:21 +0200
| Superseded in sid-release |
bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium * Enable IDN support for dig+host using libidn2 (Closes: #459010) * Use root.hints from dns-root-data (Closes: #888491) -- Bernhard Schmidt <email address hidden> Sun, 29 Jul 2018 23:26:09 +0200
bind9 (1:9.11.4+dfsg-2) unstable; urgency=medium * Enable dnstap support (Courtesy of Richard James Salts) (Closes: #890483) * Remove auth-nxdomain no; from named.conf.options (Closes: #896889) -- Ondřej Surý <email address hidden> Mon, 16 Jul 2018 18:49:50 +0000
| Published in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u15) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Addresses could be referenced after being freed in resolver.c, causing an
assertion failure. (CVE-2017-3145)
-- Salvatore Bonaccorso <email address hidden> Mon, 15 Jan 2018 22:58:53 +0100
bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
* [CVE-2018-5738]: Add upstream fix to close the default open recursion
(Closes: #901483)
* Change the maintainer address (Closes: #899959)
-- Ondřej Surý <email address hidden> Thu, 14 Jun 2018 13:01:47 +0000
bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
[ Bernhard Schmidt ]
* New upstream version 9.11.3+dfsg
(Closes: #867570, #888463)
- Refresh patches
- Drop stdatomic.h patches applied upstream
* Follow SONAME bump of libdns
* Follow SONAME bump of libisc
* Add missing symbols for libisccfg160
* Add python3-distutils Build-Dependency
* Drop Priority: standard for library packages
* Fix apparmor profile name (Closes: #893005)
Thanks to Andreas Hasenack
* Update bind9-host description (Closes: #729561)
* Add flags=(attach_disconnected) to AppArmor profile to prepare
to use more systemd hardening options, see #863841
* Add myself to Uploaders
[ Ondřej Surý ]
* Update Vcs-* links to salsa.d.o
-- Bernhard Schmidt <email address hidden> Fri, 23 Mar 2018 00:09:58 +0100
| Superseded in stretch-release |
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u4) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Addresses could be referenced after being freed in resolver.c, causing an
assertion failure. (CVE-2017-3145)
-- Salvatore Bonaccorso <email address hidden> Mon, 15 Jan 2018 22:40:17 +0100
bind9 (1:9.11.2.P1-1) unstable; urgency=medium * New upstream version 9.11.2-P1 * Refresh patches for new release -- Ondřej Surý <email address hidden> Wed, 17 Jan 2018 06:06:04 +0000
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-10) unstable; urgency=medium * Disable lmdb usage in export version of libraries (Closes: #887407) -- Ondřej Surý <email address hidden> Tue, 16 Jan 2018 05:59:31 +0000
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-9) unstable; urgency=medium * Fix various mistakes in bind9 conffiles (Closes: #887398) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 23:12:43 +0000
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-8) unstable; urgency=medium * Pull more stdatomic patch to fix builds on 32-bit architectures * Remove extra native pkcs11 patch (it has been replaced by sed rules) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 21:02:30 +0000
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-7) unstable; urgency=medium * Pull upstream patch to use C11 stdatomic where available (Closes: #778720) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 15:59:48 +0000
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-6) unstable; urgency=medium * Add named-nzd2nzf to bind9 package * Simplify installation rules * Enable lmdb (to actually build named-nzd2nzf) * Move delv from bind9 to dnsutils package (Closes: #887326) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 14:19:31 +0000
bind9 (1:9.11.2+dfsg-5) unstable; urgency=medium * Remove duplicate invoke-rc.d start invocation (Closes: #883575) * Don't fail in postrm when /var/lib/bind cannot be removed (Closes: #882999) * Use dh-apparmor for profile management * apparmor-profile: allow changing thread name (Closes: #883228) * Bump debhelper compat level to 10 * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt <email address hidden> Sun, 10 Dec 2017 20:23:12 +0100
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u14) jessie; urgency=high [ Bernhard Schmidt ] * Import upcoming DNSSEC KSK-2017 from 9.10.5 [ Ondřej Surý ] * Non-maintainer upload. -- Ondřej Surý <email address hidden> Mon, 28 Aug 2017 10:26:39 +0200
bind9 (1:9.11.2+dfsg-4) unstable; urgency=medium * Team upload. * Fix symlinks in libbind-export-dev to point to /lib (Closes: #883536) -- Bernhard Schmidt <email address hidden> Tue, 05 Dec 2017 00:09:25 +0100
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-3) unstable; urgency=medium * Team upload. * Only install files into bind9:any on arch-any builds (Closes: #883448) * Adjust dependencies for udeb packages (Closes: #883449) -- Bernhard Schmidt <email address hidden> Mon, 04 Dec 2017 10:56:58 +0100
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-2) unstable; urgency=medium * Team upload. * Workaround for FTBFS on binary-any builds (Closes: #883159) -- Bernhard Schmidt <email address hidden> Sun, 03 Dec 2017 20:36:32 +0100
| Superseded in sid-release |
bind9 (1:9.11.2+dfsg-1) unstable; urgency=low * d/watch: Bump the BIND version to 9.11.x * Remove 'order random_1' patch, it was a horrible deviation from standards * Modernize d/rules using debhelper * New upstream version 9.11.2+dfsg * Delete dyndb patch, as dyndb is now included in upstream sources * Rebase patches for new upstream release. * Add python3-ply to Build-Depends * Restore the native pkcs11 patch * Fix the Debian version parsing * Remove lwresd as it has been deprecated by upstream anyway * Add new tools: mdig to dnsutils and dnssec-keymgr to bind9utils * Update the SONAMEs of BIND libraries * Fix python3 packaging errors * Bump the standards version to 4.1.1.1 (no change) * Add support for dh_missing -- Ondřej Surý <email address hidden> Tue, 28 Nov 2017 22:59:30 +0000
bind9 (1:9.10.6+dfsg-5) unstable; urgency=medium [ Chris Lamb ] * Make the build reproducible (Closes: #828012) [ Micah Cowan ] * Try not to be fragile to varying value of LIBS make var. (Closes: #833307) [ Ondřej Surý ] * Update the softhsm2.so non-MA path (Closes: #860722) * Enable JSON output in the statistics channel (Closes: #860722) * Merge NMUs' changelogs (Closes: #880077) * Use /dev/urandom to avoid blocking in the server process. (Closes: #854243) -- Ondřej Surý <email address hidden> Thu, 02 Nov 2017 10:31:01 +0000
bind9 (1:9.10.6+dfsg-4) unstable; urgency=medium
[ Michael Biebl ]
* Improve bind9-resolvconf.service (Closes: #826353)
[ Ondřej Surý ]
* Add insserv.conf.d configuration (Closes: #650538)
* Change bind9-resolvconf.server to Type=oneshot + RemainAfterExit=yes (Closes: #832040)
* Only add static and development symlinks for *-export.{a,so} libraries (Closes: #857522)
* Update Vcs-* fields to standard variants
* Rebuild with newer debhelper (Closes: #879542)
-- Ondřej Surý <email address hidden> Mon, 23 Oct 2017 07:02:50 +0000
| Superseded in sid-release |
bind9 (1:9.10.6+dfsg-3) unstable; urgency=medium * Make lwresd hard depend on bind9 package (Closes: #879127) -- Ondřej Surý <email address hidden> Sun, 22 Oct 2017 11:08:20 +0000
| Superseded in sid-release |
bind9 (1:9.10.6+dfsg-2) unstable; urgency=medium [ Timo Aaltonen ] * d/copyright: Add Bv9ARM.pdf to Files-Excluded. [ Ondřej Surý ] * Replace lwresd with symlink instead of hard copy (Closes: #868538) * Fix the symbols file to compensate for missing bsdcompat symbol on kFreeBSD (Closes: #879017) * Re-enable threading support on kFreeBSD (Closes: #879018) * Drop Multi-Arch: same header from libbind-dev (Closes: #874232) * Remove transitional host package (Closes: #645437, #878228) -- Ondřej Surý <email address hidden> Thu, 19 Oct 2017 09:35:03 +0000
| Superseded in sid-release |
bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium
* New upstream version 9.10.6+dfsg
* Use OpenSSL 1.1.0 for crypto
* Add support for downloading upstream sources using d/watch
+ Make d/copyright machine readable for Files-Excluded: support
+ Update Files-Exclude: * to remove obsolete software dropped in
contrib/, but not really used
* Add initial README.source
* Limit the d/watch to 9.10.x (aka stable) for now
* Update patches for BIND 9.10.6 release
* Update PKCS11 patch
* Move under pkg-dns umbrella
* Reformat files in debian/ with wrap-and-sort -a for better maintainability
* Update the d/export.diff for BIND 9.10.6
* Remove FAQ from d/bind9.docs
* Bump SONAME versions for BIND libraries
* Add symbols files for libraries and enable strict symbol checks
* arpaname and named-rrchecker has been moved to /usr/bin
* Install required python library into bind9utils to accompany
dnssec-checkds and dnssec-coverage
* Change Vcs-* to pkg-dns/bind9
* Also exclude idnkit from upstream tarball
* Finish the debian/copyright update into machine readable format
* Enable Multi-Arch on libirs-export189
* Cleanup maintainer scripts
* Add lintian override for false positive on full-path command
* Remove unnecessary complexity when generating ${Description} to d/control
-- Ondřej Surý <email address hidden> Fri, 06 Oct 2017 06:18:21 +0000
| Superseded in stretch-release |
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium [ Bernhard Schmidt ] * Import upcoming DNSSEC KSK-2017 from 9.10.5 [ Ondřej Surý ] * Non-maintainer upload. -- Ondřej Surý <email address hidden> Mon, 28 Aug 2017 09:36:28 +0200
bind9 (1:9.10.3.dfsg.P4-12.6) unstable; urgency=medium * Non-maintainer upload. * Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794) -- Bernhard Schmidt <email address hidden> Fri, 11 Aug 2017 19:10:07 +0200
bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
* Non-maintainer upload.
* Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
signed TCP message sequences where not all the messages contain TSIG
records. These may be used in AXFR and IXFR responses.
(Closes: #868952)
-- Salvatore Bonaccorso <email address hidden> Fri, 21 Jul 2017 22:28:32 +0200
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u12) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add patch to fix CVE-2017-3042 and CVE-2017-3043
CVE-2017-3042: error in TSIG authentication can permit unauthorized zone
transfers. An attacker may be able to circumvent TSIG authentication of
AXFR and Notify requests.
CVE-2017-3043: error in TSIG authentication can permit unauthorized
dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
signature for a dynamic update.
-- Yves-Alexis Perez <email address hidden> Fri, 30 Jun 2017 18:10:30 +0200
| Superseded in stretch-release |
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* debian/patches:
- debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
transfers. An attacker may be able to circumvent TSIG authentication of
AXFR and Notify requests.
CVE-2017-3143: error in TSIG authentication can permit unauthorized
dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
signature for a dynamic update.
-- Yves-Alexis Perez <email address hidden> Fri, 30 Jun 2017 16:20:29 +0200
bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high
* Non-maintainer upload.
[ Yves-Alexis Perez ]
* debian/patches:
- debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
transfers. An attacker may be able to circumvent TSIG authentication of
AXFR and Notify requests.
CVE-2017-3143: error in TSIG authentication can permit unauthorized
dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
signature for a dynamic update.
(Closes: #866564)
-- Salvatore Bonaccorso <email address hidden> Sun, 16 Jul 2017 22:13:21 +0200
bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high
* Non-maintainer upload.
* Dns64 with "break-dnssec yes;" can result in a assertion failure
(CVE-2017-3136) (Closes: #860224)
* Some chaining (CNAME or DNAME) responses to upstream queries could trigger
assertion failures (CVE-2017-3137) (Closes: #860225)
* 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
(Closes: #860226)
-- Salvatore Bonaccorso <email address hidden> Sun, 07 May 2017 15:22:46 +0200
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u10) jessie-security; urgency=medium
* Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
* Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
both DNS64 and RPZ are being used (closes: #855520).
-- Michael Gilbert <email address hidden> Sun, 26 Feb 2017 00:03:04 +0000
bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium
* Non-maintainer upload.
* Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes
hangs and crashes on MIPS. (Closes: #778720)
-- James Cowgill <email address hidden> Tue, 18 Apr 2017 16:42:50 +0100
bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium
* Non-maintainer upload.
* Use /dev/urandom to avoid blocking in the server process.
(closes: #854243)
-- Bastian Blank <email address hidden> Fri, 17 Mar 2017 19:07:16 +0100
bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high
* Merge and accept the non-maintainer upload.
* Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
* Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
both DNS64 and RPZ are being used (closes: #855520).
-- Michael Gilbert <email address hidden> Sun, 19 Feb 2017 22:39:32 +0000
bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium
* Non-maintainer upload.
* Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
Patch by Marc Haber <email address hidden> (Closes: #820974).
-- Arturo Borrero Gonzalez <email address hidden> Tue, 07 Feb 2017 10:42:00 +0100
bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
* Fix some lintian warnings.
* Add lsb-base dependency to lwresd (closes: #848519).
* Fix CVE-2016-2775: crash in lwresd due to a long query name
(closes: #831796).
* Fix CVE-2016-2776: maliciously crafted query can cause named to crash
(closes: #839010).
* Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
named to crash (closes: #842858).
* Fix CVE-2016-9131: maliciously crafted response to an ANY query can
cause named to crash (closes: #851065).
* Fix CVE-2016-9147: query with contradictory DNSSEC information can
cause named to crash (closes: #851063).
* Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
record can cause named to crash (closes: #851062).
* Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
(closes: #828082).
[ LaMont Jones ]
* Update VCS fields in control.
* -DDIG_SIGCHASE got dropped by the change in hardening.
[ Stefan Bader ]
* Use the defaults file in systemd.
-- Michael Gilbert <email address hidden> Thu, 19 Jan 2017 04:03:28 +0000
| Deleted in experimental-release (Reason: None provided.) |
bind9 (1:9.10.4-P5-1) experimental; urgency=medium
* New upstream: 9.10.4-P5
- Fixes CVE-2016-2775: crash in lwresd due to a long query name
(closes: #831796).
- Fixes CVE-2016-2776: maliciously crafted query can cause named to crash
(closes: #839010).
- Fixes CVE-2016-6170: improper zone size limits (closes: #830810).
- Fixes CVE-2016-8864: incorrect handling of a DNAME record can cause
named to crash (closes: #842858).
- Fixes CVE-2016-9131: maliciously crafted response to an ANY query can
cause named to crash (closes: #851065).
- Fixes CVE-2016-9147: query with contradictory DNSSEC information can
cause named to crash (closes: #851063).
- Fixes CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
record can cause named to crash (closes: #851062).
* Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
(closes: #828082).
* Update debian/copyright to format 1.0.
* Add upstream signing key.
-- Michael Gilbert <email address hidden> Sun, 15 Jan 2017 06:04:12 +0000
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u8) jessie-security; urgency=medium
* CVE-2016-8864: Fix assertion failure in DNAME processing with patch
provided by ISC.
-- Florian Weimer <email address hidden> Tue, 01 Nov 2016 17:51:22 +0100
bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium
* Non-maintainer upload.
* Add explicit ordering for nss-lookup.target in bind9.service,
lwresd.service. Patches by Michael Biebl <email address hidden>.
(Closes: #826243, #826245)
-- Christian Hofstaedtler <email address hidden> Sat, 02 Jul 2016 14:32:50 +0200
Available diffs
bind9 (1:9.10.3.dfsg.P4-10) unstable; urgency=medium * Use python3 -- LaMont Jones <email address hidden> Tue, 03 May 2016 17:39:49 -0600
Available diffs
bind9 (1:9.10.3.dfsg.P4-8) unstable; urgency=medium [Timo Aaltonen] * Fix bind9-resolvconf.service installation. * Add support for native pkcs11. LP: #1565392 [Samuel Thibault] * Detect in6_pktinfo on hurd-i386. Closes: #820404 -- LaMont Jones <email address hidden> Wed, 13 Apr 2016 13:19:37 -0600
bind9 (1:9.10.3.dfsg.P4-7) unstable; urgency=medium * Fix libisccc-export dependencies. Closes: #820043 -- Michael Gilbert <email address hidden> Tue, 05 Apr 2016 02:53:22 +0000
| Superseded in sid-release |
bind9 (1:9.10.3.dfsg.P4-6) unstable; urgency=medium * Upload 9.10 to unstable. Closes: #781739 * Add -DNO_VERSION_DATE to CFLAGS. Closes: #783885 -- Michael Gilbert <email address hidden> Mon, 04 Apr 2016 00:39:57 +0000
| Published in wheezy-release |
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u10) wheezy-security; urgency=high * Fix CVE-2016-1285: error parsing control channel input. * Fix CVE-2016-1286: error parsing DNAME resource records. -- Michael Gilbert <email address hidden> Tue, 08 Mar 2016 02:51:39 +0000
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u6) jessie-security; urgency=high * Fix CVE-2016-1285: error parsing control channel input. * Fix CVE-2016-1286: error parsing DNAME resource records. -- Michael Gilbert <email address hidden> Tue, 08 Mar 2016 00:40:53 +0000
| Deleted in experimental-release (Reason: None provided.) |
bind9 (1:9.10.3.dfsg.P4-5) experimental; urgency=medium * Drop dead code in bind9.preinst. * move from /var/run to /run for policy. -- LaMont Jones <email address hidden> Sat, 19 Mar 2016 19:52:04 -0600
| Superseded in experimental-release |
bind9 (1:9.10.3.dfsg.P2-5) experimental; urgency=medium
[Timo Aaltonen]
* Sync 30_dynamic_db.diff from Fedora.
* rules: Backup some files which dh_autoreconf_clean would remove, restore
on clean.
[Jamie Strandboge]
* apparmor: use @{PROC} instead of /proc, allow read on
sys.net.ipv4.ip_local_port_range. LP: #1552441
[LaMont Jones]
* Return nanosecond-precise time for files, so that we more-correctly know
when we can skip loading a zonefile. (Bug introduced 9.9.3b2)
-- LaMont Jones <email address hidden> Thu, 03 Mar 2016 18:17:06 -0700
| Superseded in experimental-release |
bind9 (1:9.10.3.dfsg.P2-4) experimental; urgency=medium
[Matthias Klose]
* Fix .so symlinks.
* libbind-dev: Depend on libirs141.
* For the udeb's, use a separate build with a reduced feature set, drop the
name difference, and do both builds in a separate directory.
[Filip Pytloun]
* Add apparmor rules needed by freeipa-server. Closes: #814314
[LaMont Jones]
* Do not deliver libraries (left in /lib) as part of bind9. LP: #1547052
* clean up library path for libirs.
-- LaMont Jones <email address hidden> Fri, 19 Feb 2016 14:26:08 -0700
| Superseded in experimental-release |
bind9 (1:9.10.3.dfsg.P2-3) experimental; urgency=medium
[Marc Deslauriers]
* SECURITY UPDATE: denial of service via string formatting operations.
CVE-2015-8704
[Matthias Klose]
* Add multiarch support. Closes: #802584
* Standars cleanup.
[LaMont Jones]
* Properly finish converting to 3.0 (quilt) format.
* Drop geoip_acl patch temporarily while we evaluate the upstream geoip
changes.
* Prechroot init appears to have been taken upstream.
-- LaMont Jones <email address hidden> Wed, 17 Feb 2016 10:34:24 -0700
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u4) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add patch to fix CVE-2015-8000.
CVE-2015-8000: Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted, triggering a REQUIRE
failure when those records were subsequently cached.
-- Salvatore Bonaccorso <email address hidden> Mon, 14 Dec 2015 20:02:04 +0100
bind9 (1:9.9.5.dfsg-12.1) unstable; urgency=high
* Non-maintainer upload.
* Add patch to fix CVE-2015-8000.
CVE-2015-8000: Insufficient testing when parsing a message allowed
records with an incorrect class to be accepted, triggering a REQUIRE
failure when those records were subsequently cached. (Closes: #808081)
-- Salvatore Bonaccorso <email address hidden> Wed, 16 Dec 2015 15:01:39 +0100
Available diffs
| Superseded in wheezy-release |
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u6) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2015-5477: A failure to reset a value to NULL in tkey.c could
result in an assertion failure.
-- Salvatore Bonaccorso <email address hidden> Mon, 27 Jul 2015 20:52:06 +0200
| Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u2) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2015-5477: A failure to reset a value to NULL in tkey.c could
result in an assertion failure.
-- Salvatore Bonaccorso <email address hidden> Mon, 27 Jul 2015 21:06:05 +0200
bind9 (1:9.9.5.dfsg-12) unstable; urgency=high * Fix CVE-2015-5722: maliciously crafted DNSSEC key can cause named to crash. -- Michael Gilbert <email address hidden> Thu, 03 Sep 2015 01:16:32 +0000
Available diffs
bind9 (1:9.9.5.dfsg-11) unstable; urgency=high
* Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
(closes: #793903).
-- Michael Gilbert <email address hidden> Wed, 29 Jul 2015 23:46:48 +0000
Available diffs
bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
* Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
cause the resolver to crash (closes: #791715).
-- Michael Gilbert <email address hidden> Thu, 09 Jul 2015 00:43:38 +0000
Available diffs
bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
* Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
affecting setups using DNSSEC (closes: #778733).
-- Michael Gilbert <email address hidden> Thu, 19 Feb 2015 03:42:21 +0000
Available diffs
| Superseded in wheezy-release |
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u3) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2014-8500: Failure to place limits on delegation chaining can allow an
attacker to crash BIND or cause memory exhaustion.
-- Giuseppe Iuculano <email address hidden> Mon, 08 Dec 2014 20:02:06 +0100
bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium
* Launch rndc command in the background in networking scripts to avoid a
hang in named from bringing down the entire network (closes: #760555).
-- Michael Gilbert <email address hidden> Thu, 01 Jan 2015 17:51:52 +0000
Available diffs
bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium
* Fix CVE-2014-8500: limit recursion in order to avoid memory consuption
issues that can lead to denial-of-service (closes: #772610).
-- Michael Gilbert <email address hidden> Sun, 14 Dec 2014 05:05:48 +0000
| 76 → 150 of 234 results | First • Previous • Next • Last |
