-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.4) quantal-security; urgency=low
* SECURITY UPDATE: denial of service when processing NSEC3-signed zone
queries
- debian/patches/CVE-2014-0591.patch: don't call memcpy with
overlapping ranges in bin/named/query.c.
- patch backported from 9.8.6-P2.
- CVE-2014-0591
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2014 09:43:20 -0500
-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.3) quantal-security; urgency=low
* SECURITY UPDATE: denial of service via incorrect bounds checking on
private type 'keydata'
- lib/dns/rdata/generic/keydata_65533.c: check for correct length.
- Patch backported from 9.8.5-P2
- CVE-2013-4854
-- Marc Deslauriers <email address hidden> Fri, 26 Jul 2013 22:54:25 -0400
-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.2) quantal-security; urgency=low
* SECURITY UPDATE: denial of service via regex syntax checking
- configure,configure.in,config.h.in: remove check for regex.h to
disable regex syntax checking.
- CVE-2013-2266
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 15:21:30 -0400
-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3.1) quantal-security; urgency=low
* SECURITY UPDATE: denial of service via DNS64 and crafted query
- bin/named/query.c: init rdataset before cleanup.
- Patch backported from 9.8.4-P1
- CVE-2012-5688
-- Marc Deslauriers <email address hidden> Wed, 05 Dec 2012 15:47:08 -0500
-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu3) quantal; urgency=low
* SECURITY UPDATE: denial of service via specific combinations of RDATA
- bin/named/query.c: fix logic
- Patch backported from 9.8.3-P4
- CVE-2012-5166
-- Marc Deslauriers <email address hidden> Fri, 05 Oct 2012 09:41:37 -0400
-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu2) quantal-proposed; urgency=low
* SECURITY UPDATE: denial of service via large crafted resource record
- check length in lib/dns/include/dns/rdata.h,
lib/dns/{master,rdata,rdataslab}.c. Added tests to
lib/dns/tests/Makefile.in, lib/dns/tests/{master,rdata}_test.c,
lib/dns/tests/testdata/master/master1{5,6}.data.
- Patch backported from 9.8.3-P3
- CVE-2012-4244
-- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 15:57:47 -0400
-
bind9 (1:9.8.1.dfsg.P1-4.2ubuntu1) quantal-proposed; urgency=low
* debian/bind9.apport: Add AppArmor info and logs to apport hook.
-- Marc Deslauriers <email address hidden> Mon, 20 Aug 2012 08:48:47 -0400
-
bind9 (1:9.8.1.dfsg.P1-4.2) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability triggered
through an assert because of using bad cache
(CVE-2012-3817; Closes: #683259).
-- Nico Golde <email address hidden> Mon, 30 Jul 2012 20:56:10 +0200
-
bind9 (1:9.8.1.dfsg.P1-4ubuntu2) quantal; urgency=low
* SECURITY UPDATE: denial of service via dnssec validation load
- lib/dns/resolver.c: don't use bad->expire before it has been set.
- Patch backported from 9.8.3-P2.
- CVE-2012-3817
-- Marc Deslauriers <email address hidden> Thu, 26 Jul 2012 10:45:31 -0400
-
bind9 (1:9.8.1.dfsg.P1-4ubuntu1) quantal; urgency=low
* SECURITY UPDATE: ghost domain names attack
- lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
- Patch backported from 9.8.2.
- CVE-2012-1033
* SECURITY UPDATE: denial of service via zero length rdata handling
- lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
duplicate rdata.
- Patch backported from 9.8.3-P1.
- CVE-2012-1667
-- Marc Deslauriers <email address hidden> Wed, 20 Jun 2012 15:26:09 -0400
-
bind9 (1:9.8.1.dfsg.P1-4) unstable; urgency=low
[Christoph Egger]
* define _GNU_SOURCE on kfreebsd et al. Closes: #658201
[LaMont Jones]
* chmod typo in postinst. LP: #980798
* Correctly order debhelper bits in postrm. Closes: #661040
-- LaMont Jones <email address hidden> Fri, 13 Apr 2012 12:09:24 -0600
