Change log for bind9 package in Debian
76 → 150 of 234 results | First • Previous • Next • Last |
bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high * Non-maintainer upload. * move item_out test inside lock in dns_dispatch_getnext() (CVE-2019-6471) (Closes: #930746) -- Salvatore Bonaccorso <email address hidden> Fri, 21 Jun 2019 11:24:31 +0200
bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium * AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ. Thanks to Steven Monai (Closes: 928398) -- Bernhard Schmidt <email address hidden> Fri, 03 May 2019 19:44:57 +0200
Superseded in sid-release |
bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium [ Bernhard Schmidt ] * AppArmor: Also add /var/lib/samba/bind-dns/dns/** (Closes: #927827) [ Ondřej Surý ] * [CVE-2018-5743]: Limiting simultaneous TCP clients is ineffective (Closes: #927932) * Update symbols file for new symbol in libisc * Enable EDDSA again, but disable broken Ed448 support (Closes: #927962) -- Ondřej Surý <email address hidden> Fri, 26 Apr 2019 08:33:13 +0000
bind9 (1:9.11.5.P4+dfsg-3) unstable; urgency=medium * More fixes to the AppArmor policy for Samba AD DLZ - allow access to /dev/urandom - allow locking for dns.keytab - fix path to smb.conf -- Bernhard Schmidt <email address hidden> Mon, 22 Apr 2019 22:31:06 +0200
Superseded in sid-release |
bind9 (1:9.11.5.P4+dfsg-2) unstable; urgency=medium [ Ondřej Surý ] * Update d/gbp.conf for Debian Buster [ Bernhard Schmidt ] * Cherry-Pick upstream commit to prevent dnssec-keymgr from immediately expiring and deleting old DNSSEC keys when being run for the first time (Closes: #923984) * Update AppArmor policy for Samba AD DLZ - Add changed default location for named.conf - Allow read/mmap on some Samba libraries Thanks to Steven Monai (Closes: #920530) [ Andreas Beckmann ] * bind9.preinst: cope with ancient conffile named.conf.options (Closes: #905177) -- Bernhard Schmidt <email address hidden> Tue, 02 Apr 2019 21:12:50 +0200
bind9 (1:9.11.5.P4+dfsg-1) unstable; urgency=high [ Bernhard Schmidt ] * New upstream version 9.11.5.P4+dfsg - CVE-2018-5744: A specially crafted packet can cause named to leak memory - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys - CVE-2019-6465: Controls for zone transfers might not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. * d/watch: Do not use beta or RC versions * d/libdns1104.symbols: fix symbols-file-contains-debian-revision for dnstap symbols [ Ondřej Surý ] * Add new upstream GPG signing-key -- Bernhard Schmidt <email address hidden> Fri, 22 Feb 2019 17:54:10 +0100
bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium [ Dominik George ] * Support dyndb modules with apparmor. (Closes: #900879) [ Bernhard Schmidt ] * apparmor-policy: permit locking of the allow-new-zones database (Closes: #922065) * apparmor-policy: allow access to Samba DLZ files (Closes: #920530) -- Bernhard Schmidt <email address hidden> Tue, 12 Feb 2019 00:34:21 +0100
bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium * New upstream version 9.11.5.P1+dfsg -- Ondřej Surý <email address hidden> Tue, 18 Dec 2018 13:59:25 +0000
bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium * Use <email address hidden> as Maintainer address * New upstream version 9.11.5+dfsg * Add EXTENSIONS= to version file programmatically, not with the patch * Rebase patches for BIND 9.11.5 * Adjust package names for new SONAMEs -- Ondřej Surý <email address hidden> Mon, 22 Oct 2018 10:30:28 +0000
bind9 (1:9.11.4.P2+dfsg-3) unstable; urgency=medium * Also avoid OpenSSL 1.1.1 in udebs. Thanks to KiBi for the hint * autopkgtest: Make an external query and check for DNSSEC -- Bernhard Schmidt <email address hidden> Wed, 26 Sep 2018 11:21:35 +0200
Superseded in sid-release |
bind9 (1:9.11.4.P2+dfsg-2) unstable; urgency=medium * Temporarily disable EDDSA to relax OpenSSL version requirement -- Bernhard Schmidt <email address hidden> Mon, 24 Sep 2018 11:08:15 +0200
Superseded in sid-release |
bind9 (1:9.11.4.P2+dfsg-1) unstable; urgency=medium [ Bernhard Schmidt ] * Add a very simple autopkgtest (dig @127.0.0.1) [ Ondřej Surý ] * New upstream version 9.11.4.P2+dfsg * Rebase patches for BIND 9.11.4-P2 -- Ondřej Surý <email address hidden> Mon, 10 Sep 2018 08:36:06 +0000
Superseded in sid-release |
bind9 (1:9.11.4.P1+dfsg-1) unstable; urgency=medium [ Timo Aaltonen ] * skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11 crashing on startup. (LP: #1769440) [ Bernhard Schmidt ] * Add gbp.conf for pristine-tar usage * d/watch: Properly deal with -P patch releases [ Ondřej Surý ] * Don't fail to start if /etc/default/bind9 doesn't exist * New upstream version 9.11.4.P1+dfsg * Rebase patches for BIND 9.11.4-P1 * Add new dst__openssleddsa_init optional symbol (it depends on OpenSSL version) (Closes: #897643) * Put aside named.conf.option from stretch when upgrading (Closes: #905177) -- Ondřej Surý <email address hidden> Fri, 31 Aug 2018 09:53:27 +0000
bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium * Brown-paper-bag release :-( * Fix missing colon in AppArmor profile (Closes: #904983) -- Bernhard Schmidt <email address hidden> Mon, 30 Jul 2018 16:28:21 +0200
Superseded in sid-release |
bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium * Enable IDN support for dig+host using libidn2 (Closes: #459010) * Use root.hints from dns-root-data (Closes: #888491) -- Bernhard Schmidt <email address hidden> Sun, 29 Jul 2018 23:26:09 +0200
bind9 (1:9.11.4+dfsg-2) unstable; urgency=medium * Enable dnstap support (Courtesy of Richard James Salts) (Closes: #890483) * Remove auth-nxdomain no; from named.conf.options (Closes: #896889) -- Ondřej Surý <email address hidden> Mon, 16 Jul 2018 18:49:50 +0000
Published in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u15) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Addresses could be referenced after being freed in resolver.c, causing an assertion failure. (CVE-2017-3145) -- Salvatore Bonaccorso <email address hidden> Mon, 15 Jan 2018 22:58:53 +0100
bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium * [CVE-2018-5738]: Add upstream fix to close the default open recursion (Closes: #901483) * Change the maintainer address (Closes: #899959) -- Ondřej Surý <email address hidden> Thu, 14 Jun 2018 13:01:47 +0000
bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium [ Bernhard Schmidt ] * New upstream version 9.11.3+dfsg (Closes: #867570, #888463) - Refresh patches - Drop stdatomic.h patches applied upstream * Follow SONAME bump of libdns * Follow SONAME bump of libisc * Add missing symbols for libisccfg160 * Add python3-distutils Build-Dependency * Drop Priority: standard for library packages * Fix apparmor profile name (Closes: #893005) Thanks to Andreas Hasenack * Update bind9-host description (Closes: #729561) * Add flags=(attach_disconnected) to AppArmor profile to prepare to use more systemd hardening options, see #863841 * Add myself to Uploaders [ Ondřej Surý ] * Update Vcs-* links to salsa.d.o -- Bernhard Schmidt <email address hidden> Fri, 23 Mar 2018 00:09:58 +0100
Superseded in stretch-release |
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u4) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Addresses could be referenced after being freed in resolver.c, causing an assertion failure. (CVE-2017-3145) -- Salvatore Bonaccorso <email address hidden> Mon, 15 Jan 2018 22:40:17 +0100
bind9 (1:9.11.2.P1-1) unstable; urgency=medium * New upstream version 9.11.2-P1 * Refresh patches for new release -- Ondřej Surý <email address hidden> Wed, 17 Jan 2018 06:06:04 +0000
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-10) unstable; urgency=medium * Disable lmdb usage in export version of libraries (Closes: #887407) -- Ondřej Surý <email address hidden> Tue, 16 Jan 2018 05:59:31 +0000
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-9) unstable; urgency=medium * Fix various mistakes in bind9 conffiles (Closes: #887398) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 23:12:43 +0000
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-8) unstable; urgency=medium * Pull more stdatomic patch to fix builds on 32-bit architectures * Remove extra native pkcs11 patch (it has been replaced by sed rules) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 21:02:30 +0000
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-7) unstable; urgency=medium * Pull upstream patch to use C11 stdatomic where available (Closes: #778720) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 15:59:48 +0000
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-6) unstable; urgency=medium * Add named-nzd2nzf to bind9 package * Simplify installation rules * Enable lmdb (to actually build named-nzd2nzf) * Move delv from bind9 to dnsutils package (Closes: #887326) -- Ondřej Surý <email address hidden> Mon, 15 Jan 2018 14:19:31 +0000
bind9 (1:9.11.2+dfsg-5) unstable; urgency=medium * Remove duplicate invoke-rc.d start invocation (Closes: #883575) * Don't fail in postrm when /var/lib/bind cannot be removed (Closes: #882999) * Use dh-apparmor for profile management * apparmor-profile: allow changing thread name (Closes: #883228) * Bump debhelper compat level to 10 * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt <email address hidden> Sun, 10 Dec 2017 20:23:12 +0100
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u14) jessie; urgency=high [ Bernhard Schmidt ] * Import upcoming DNSSEC KSK-2017 from 9.10.5 [ Ondřej Surý ] * Non-maintainer upload. -- Ondřej Surý <email address hidden> Mon, 28 Aug 2017 10:26:39 +0200
bind9 (1:9.11.2+dfsg-4) unstable; urgency=medium * Team upload. * Fix symlinks in libbind-export-dev to point to /lib (Closes: #883536) -- Bernhard Schmidt <email address hidden> Tue, 05 Dec 2017 00:09:25 +0100
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-3) unstable; urgency=medium * Team upload. * Only install files into bind9:any on arch-any builds (Closes: #883448) * Adjust dependencies for udeb packages (Closes: #883449) -- Bernhard Schmidt <email address hidden> Mon, 04 Dec 2017 10:56:58 +0100
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-2) unstable; urgency=medium * Team upload. * Workaround for FTBFS on binary-any builds (Closes: #883159) -- Bernhard Schmidt <email address hidden> Sun, 03 Dec 2017 20:36:32 +0100
Superseded in sid-release |
bind9 (1:9.11.2+dfsg-1) unstable; urgency=low * d/watch: Bump the BIND version to 9.11.x * Remove 'order random_1' patch, it was a horrible deviation from standards * Modernize d/rules using debhelper * New upstream version 9.11.2+dfsg * Delete dyndb patch, as dyndb is now included in upstream sources * Rebase patches for new upstream release. * Add python3-ply to Build-Depends * Restore the native pkcs11 patch * Fix the Debian version parsing * Remove lwresd as it has been deprecated by upstream anyway * Add new tools: mdig to dnsutils and dnssec-keymgr to bind9utils * Update the SONAMEs of BIND libraries * Fix python3 packaging errors * Bump the standards version to 4.1.1.1 (no change) * Add support for dh_missing -- Ondřej Surý <email address hidden> Tue, 28 Nov 2017 22:59:30 +0000
bind9 (1:9.10.6+dfsg-5) unstable; urgency=medium [ Chris Lamb ] * Make the build reproducible (Closes: #828012) [ Micah Cowan ] * Try not to be fragile to varying value of LIBS make var. (Closes: #833307) [ Ondřej Surý ] * Update the softhsm2.so non-MA path (Closes: #860722) * Enable JSON output in the statistics channel (Closes: #860722) * Merge NMUs' changelogs (Closes: #880077) * Use /dev/urandom to avoid blocking in the server process. (Closes: #854243) -- Ondřej Surý <email address hidden> Thu, 02 Nov 2017 10:31:01 +0000
bind9 (1:9.10.6+dfsg-4) unstable; urgency=medium [ Michael Biebl ] * Improve bind9-resolvconf.service (Closes: #826353) [ Ondřej Surý ] * Add insserv.conf.d configuration (Closes: #650538) * Change bind9-resolvconf.server to Type=oneshot + RemainAfterExit=yes (Closes: #832040) * Only add static and development symlinks for *-export.{a,so} libraries (Closes: #857522) * Update Vcs-* fields to standard variants * Rebuild with newer debhelper (Closes: #879542) -- Ondřej Surý <email address hidden> Mon, 23 Oct 2017 07:02:50 +0000
Superseded in sid-release |
bind9 (1:9.10.6+dfsg-3) unstable; urgency=medium * Make lwresd hard depend on bind9 package (Closes: #879127) -- Ondřej Surý <email address hidden> Sun, 22 Oct 2017 11:08:20 +0000
Superseded in sid-release |
bind9 (1:9.10.6+dfsg-2) unstable; urgency=medium [ Timo Aaltonen ] * d/copyright: Add Bv9ARM.pdf to Files-Excluded. [ Ondřej Surý ] * Replace lwresd with symlink instead of hard copy (Closes: #868538) * Fix the symbols file to compensate for missing bsdcompat symbol on kFreeBSD (Closes: #879017) * Re-enable threading support on kFreeBSD (Closes: #879018) * Drop Multi-Arch: same header from libbind-dev (Closes: #874232) * Remove transitional host package (Closes: #645437, #878228) -- Ondřej Surý <email address hidden> Thu, 19 Oct 2017 09:35:03 +0000
Superseded in sid-release |
bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium * New upstream version 9.10.6+dfsg * Use OpenSSL 1.1.0 for crypto * Add support for downloading upstream sources using d/watch + Make d/copyright machine readable for Files-Excluded: support + Update Files-Exclude: * to remove obsolete software dropped in contrib/, but not really used * Add initial README.source * Limit the d/watch to 9.10.x (aka stable) for now * Update patches for BIND 9.10.6 release * Update PKCS11 patch * Move under pkg-dns umbrella * Reformat files in debian/ with wrap-and-sort -a for better maintainability * Update the d/export.diff for BIND 9.10.6 * Remove FAQ from d/bind9.docs * Bump SONAME versions for BIND libraries * Add symbols files for libraries and enable strict symbol checks * arpaname and named-rrchecker has been moved to /usr/bin * Install required python library into bind9utils to accompany dnssec-checkds and dnssec-coverage * Change Vcs-* to pkg-dns/bind9 * Also exclude idnkit from upstream tarball * Finish the debian/copyright update into machine readable format * Enable Multi-Arch on libirs-export189 * Cleanup maintainer scripts * Add lintian override for false positive on full-path command * Remove unnecessary complexity when generating ${Description} to d/control -- Ondřej Surý <email address hidden> Fri, 06 Oct 2017 06:18:21 +0000
Superseded in stretch-release |
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium [ Bernhard Schmidt ] * Import upcoming DNSSEC KSK-2017 from 9.10.5 [ Ondřej Surý ] * Non-maintainer upload. -- Ondřej Surý <email address hidden> Mon, 28 Aug 2017 09:36:28 +0200
bind9 (1:9.10.3.dfsg.P4-12.6) unstable; urgency=medium * Non-maintainer upload. * Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794) -- Bernhard Schmidt <email address hidden> Fri, 11 Aug 2017 19:10:07 +0200
bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium * Non-maintainer upload. * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. These may be used in AXFR and IXFR responses. (Closes: #868952) -- Salvatore Bonaccorso <email address hidden> Fri, 21 Jul 2017 22:28:32 +0200
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u12) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Add patch to fix CVE-2017-3042 and CVE-2017-3043 CVE-2017-3042: error in TSIG authentication can permit unauthorized zone transfers. An attacker may be able to circumvent TSIG authentication of AXFR and Notify requests. CVE-2017-3043: error in TSIG authentication can permit unauthorized dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0) signature for a dynamic update. -- Yves-Alexis Perez <email address hidden> Fri, 30 Jun 2017 18:10:30 +0200
Superseded in stretch-release |
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * debian/patches: - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses CVE-2017-3142: error in TSIG authentication can permit unauthorized zone transfers. An attacker may be able to circumvent TSIG authentication of AXFR and Notify requests. CVE-2017-3143: error in TSIG authentication can permit unauthorized dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0) signature for a dynamic update. -- Yves-Alexis Perez <email address hidden> Fri, 30 Jun 2017 16:20:29 +0200
bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high * Non-maintainer upload. [ Yves-Alexis Perez ] * debian/patches: - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses CVE-2017-3142: error in TSIG authentication can permit unauthorized zone transfers. An attacker may be able to circumvent TSIG authentication of AXFR and Notify requests. CVE-2017-3143: error in TSIG authentication can permit unauthorized dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0) signature for a dynamic update. (Closes: #866564) -- Salvatore Bonaccorso <email address hidden> Sun, 16 Jul 2017 22:13:21 +0200
bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high * Non-maintainer upload. * Dns64 with "break-dnssec yes;" can result in a assertion failure (CVE-2017-3136) (Closes: #860224) * Some chaining (CNAME or DNAME) responses to upstream queries could trigger assertion failures (CVE-2017-3137) (Closes: #860225) * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138) (Closes: #860226) -- Salvatore Bonaccorso <email address hidden> Sun, 07 May 2017 15:22:46 +0200
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u10) jessie-security; urgency=medium * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540). * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if both DNS64 and RPZ are being used (closes: #855520). -- Michael Gilbert <email address hidden> Sun, 26 Feb 2017 00:03:04 +0000
bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium * Non-maintainer upload. * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes hangs and crashes on MIPS. (Closes: #778720) -- James Cowgill <email address hidden> Tue, 18 Apr 2017 16:42:50 +0100
bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium * Non-maintainer upload. * Use /dev/urandom to avoid blocking in the server process. (closes: #854243) -- Bastian Blank <email address hidden> Fri, 17 Mar 2017 19:07:16 +0100
bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high * Merge and accept the non-maintainer upload. * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540). * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if both DNS64 and RPZ are being used (closes: #855520). -- Michael Gilbert <email address hidden> Sun, 19 Feb 2017 22:39:32 +0000
bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium * Non-maintainer upload. * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot. Patch by Marc Haber <email address hidden> (Closes: #820974). -- Arturo Borrero Gonzalez <email address hidden> Tue, 07 Feb 2017 10:42:00 +0100
bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium * Fix some lintian warnings. * Add lsb-base dependency to lwresd (closes: #848519). * Fix CVE-2016-2775: crash in lwresd due to a long query name (closes: #831796). * Fix CVE-2016-2776: maliciously crafted query can cause named to crash (closes: #839010). * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause named to crash (closes: #842858). * Fix CVE-2016-9131: maliciously crafted response to an ANY query can cause named to crash (closes: #851065). * Fix CVE-2016-9147: query with contradictory DNSSEC information can cause named to crash (closes: #851063). * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS) record can cause named to crash (closes: #851062). * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now (closes: #828082). [ LaMont Jones ] * Update VCS fields in control. * -DDIG_SIGCHASE got dropped by the change in hardening. [ Stefan Bader ] * Use the defaults file in systemd. -- Michael Gilbert <email address hidden> Thu, 19 Jan 2017 04:03:28 +0000
Deleted in experimental-release (Reason: None provided.) |
bind9 (1:9.10.4-P5-1) experimental; urgency=medium * New upstream: 9.10.4-P5 - Fixes CVE-2016-2775: crash in lwresd due to a long query name (closes: #831796). - Fixes CVE-2016-2776: maliciously crafted query can cause named to crash (closes: #839010). - Fixes CVE-2016-6170: improper zone size limits (closes: #830810). - Fixes CVE-2016-8864: incorrect handling of a DNAME record can cause named to crash (closes: #842858). - Fixes CVE-2016-9131: maliciously crafted response to an ANY query can cause named to crash (closes: #851065). - Fixes CVE-2016-9147: query with contradictory DNSSEC information can cause named to crash (closes: #851063). - Fixes CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS) record can cause named to crash (closes: #851062). * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now (closes: #828082). * Update debian/copyright to format 1.0. * Add upstream signing key. -- Michael Gilbert <email address hidden> Sun, 15 Jan 2017 06:04:12 +0000
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u8) jessie-security; urgency=medium * CVE-2016-8864: Fix assertion failure in DNAME processing with patch provided by ISC. -- Florian Weimer <email address hidden> Tue, 01 Nov 2016 17:51:22 +0100
bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium * Non-maintainer upload. * Add explicit ordering for nss-lookup.target in bind9.service, lwresd.service. Patches by Michael Biebl <email address hidden>. (Closes: #826243, #826245) -- Christian Hofstaedtler <email address hidden> Sat, 02 Jul 2016 14:32:50 +0200
Available diffs
bind9 (1:9.10.3.dfsg.P4-10) unstable; urgency=medium * Use python3 -- LaMont Jones <email address hidden> Tue, 03 May 2016 17:39:49 -0600
Available diffs
bind9 (1:9.10.3.dfsg.P4-8) unstable; urgency=medium [Timo Aaltonen] * Fix bind9-resolvconf.service installation. * Add support for native pkcs11. LP: #1565392 [Samuel Thibault] * Detect in6_pktinfo on hurd-i386. Closes: #820404 -- LaMont Jones <email address hidden> Wed, 13 Apr 2016 13:19:37 -0600
bind9 (1:9.10.3.dfsg.P4-7) unstable; urgency=medium * Fix libisccc-export dependencies. Closes: #820043 -- Michael Gilbert <email address hidden> Tue, 05 Apr 2016 02:53:22 +0000
Superseded in sid-release |
bind9 (1:9.10.3.dfsg.P4-6) unstable; urgency=medium * Upload 9.10 to unstable. Closes: #781739 * Add -DNO_VERSION_DATE to CFLAGS. Closes: #783885 -- Michael Gilbert <email address hidden> Mon, 04 Apr 2016 00:39:57 +0000
Published in wheezy-release |
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u10) wheezy-security; urgency=high * Fix CVE-2016-1285: error parsing control channel input. * Fix CVE-2016-1286: error parsing DNAME resource records. -- Michael Gilbert <email address hidden> Tue, 08 Mar 2016 02:51:39 +0000
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u6) jessie-security; urgency=high * Fix CVE-2016-1285: error parsing control channel input. * Fix CVE-2016-1286: error parsing DNAME resource records. -- Michael Gilbert <email address hidden> Tue, 08 Mar 2016 00:40:53 +0000
Deleted in experimental-release (Reason: None provided.) |
bind9 (1:9.10.3.dfsg.P4-5) experimental; urgency=medium * Drop dead code in bind9.preinst. * move from /var/run to /run for policy. -- LaMont Jones <email address hidden> Sat, 19 Mar 2016 19:52:04 -0600
Superseded in experimental-release |
bind9 (1:9.10.3.dfsg.P2-5) experimental; urgency=medium [Timo Aaltonen] * Sync 30_dynamic_db.diff from Fedora. * rules: Backup some files which dh_autoreconf_clean would remove, restore on clean. [Jamie Strandboge] * apparmor: use @{PROC} instead of /proc, allow read on sys.net.ipv4.ip_local_port_range. LP: #1552441 [LaMont Jones] * Return nanosecond-precise time for files, so that we more-correctly know when we can skip loading a zonefile. (Bug introduced 9.9.3b2) -- LaMont Jones <email address hidden> Thu, 03 Mar 2016 18:17:06 -0700
Superseded in experimental-release |
bind9 (1:9.10.3.dfsg.P2-4) experimental; urgency=medium [Matthias Klose] * Fix .so symlinks. * libbind-dev: Depend on libirs141. * For the udeb's, use a separate build with a reduced feature set, drop the name difference, and do both builds in a separate directory. [Filip Pytloun] * Add apparmor rules needed by freeipa-server. Closes: #814314 [LaMont Jones] * Do not deliver libraries (left in /lib) as part of bind9. LP: #1547052 * clean up library path for libirs. -- LaMont Jones <email address hidden> Fri, 19 Feb 2016 14:26:08 -0700
Superseded in experimental-release |
bind9 (1:9.10.3.dfsg.P2-3) experimental; urgency=medium [Marc Deslauriers] * SECURITY UPDATE: denial of service via string formatting operations. CVE-2015-8704 [Matthias Klose] * Add multiarch support. Closes: #802584 * Standars cleanup. [LaMont Jones] * Properly finish converting to 3.0 (quilt) format. * Drop geoip_acl patch temporarily while we evaluate the upstream geoip changes. * Prechroot init appears to have been taken upstream. -- LaMont Jones <email address hidden> Wed, 17 Feb 2016 10:34:24 -0700
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u4) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Add patch to fix CVE-2015-8000. CVE-2015-8000: Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. -- Salvatore Bonaccorso <email address hidden> Mon, 14 Dec 2015 20:02:04 +0100
bind9 (1:9.9.5.dfsg-12.1) unstable; urgency=high * Non-maintainer upload. * Add patch to fix CVE-2015-8000. CVE-2015-8000: Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. (Closes: #808081) -- Salvatore Bonaccorso <email address hidden> Wed, 16 Dec 2015 15:01:39 +0100
Available diffs
Superseded in wheezy-release |
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u6) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2015-5477: A failure to reset a value to NULL in tkey.c could result in an assertion failure. -- Salvatore Bonaccorso <email address hidden> Mon, 27 Jul 2015 20:52:06 +0200
Superseded in jessie-release |
bind9 (1:9.9.5.dfsg-9+deb8u2) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2015-5477: A failure to reset a value to NULL in tkey.c could result in an assertion failure. -- Salvatore Bonaccorso <email address hidden> Mon, 27 Jul 2015 21:06:05 +0200
bind9 (1:9.9.5.dfsg-12) unstable; urgency=high * Fix CVE-2015-5722: maliciously crafted DNSSEC key can cause named to crash. -- Michael Gilbert <email address hidden> Thu, 03 Sep 2015 01:16:32 +0000
Available diffs
bind9 (1:9.9.5.dfsg-11) unstable; urgency=high * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit (closes: #793903). -- Michael Gilbert <email address hidden> Wed, 29 Jul 2015 23:46:48 +0000
Available diffs
bind9 (1:9.9.5.dfsg-10) unstable; urgency=high * Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can cause the resolver to crash (closes: #791715). -- Michael Gilbert <email address hidden> Thu, 09 Jul 2015 00:43:38 +0000
Available diffs
bind9 (1:9.9.5.dfsg-9) unstable; urgency=high * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only affecting setups using DNSSEC (closes: #778733). -- Michael Gilbert <email address hidden> Thu, 19 Feb 2015 03:42:21 +0000
Available diffs
Superseded in wheezy-release |
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u3) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2014-8500: Failure to place limits on delegation chaining can allow an attacker to crash BIND or cause memory exhaustion. -- Giuseppe Iuculano <email address hidden> Mon, 08 Dec 2014 20:02:06 +0100
bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium * Launch rndc command in the background in networking scripts to avoid a hang in named from bringing down the entire network (closes: #760555). -- Michael Gilbert <email address hidden> Thu, 01 Jan 2015 17:51:52 +0000
Available diffs
bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium * Fix CVE-2014-8500: limit recursion in order to avoid memory consuption issues that can lead to denial-of-service (closes: #772610). -- Michael Gilbert <email address hidden> Sun, 14 Dec 2014 05:05:48 +0000
76 → 150 of 234 results | First • Previous • Next • Last |