-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.7) yakkety-security; urgency=medium
* SECURITY UPDATE: TSIG authentication issues
- debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
- CVE-2017-3142
- CVE-2017-3143
-- Marc Deslauriers <email address hidden> Thu, 29 Jun 2017 07:50:47 -0400
-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.6) yakkety-security; urgency=medium
* SECURITY UPDATE: Denial of Service due to an error handling
synthesized records when using DNS64 with "break-dnssec yes;"
- debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
called.
- CVE-2017-3136
* SECURITY UPDATE: Denial of Service due to resolver terminating when
processing a response packet containing a CNAME or DNAME
- debian/patches/CVE-2017-3137.patch: don't expect a specific
ordering of answer components; add testcases.
- CVE-2017-3137
* SECURITY UPDATE: Denial of Service when receiving a null command on
the control channel
- debian/patches/CVE-2017-3138.patch: don't throw an assert if no
command token is given; add testcase.
- CVE-2017-3138
-- Steve Beattie <email address hidden> Thu, 13 Apr 2017 11:58:45 -0700
-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.4) yakkety; urgency=medium
* Add RemainAfterExit to bind9-resolvconf unit configuration file
(LP: #1536181).
-- Nishanth Aravamudan <email address hidden> Wed, 22 Mar 2017 10:09:25 -0700
-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.3) yakkety-security; urgency=medium
* SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
a NULL pointer
- debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
combination in bin/named/query.c, lib/dns/message.c,
lib/dns/rdataset.c.
- CVE-2017-3135
* SECURITY UPDATE: regression in CVE-2016-8864
- debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
was still being cached when it should have been in lib/dns/resolver.c,
added tests to bin/tests/system/dname/ans3/ans.pl,
bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 10:28:12 -0500
-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.2) yakkety-security; urgency=medium
* SECURITY UPDATE: assertion failure via class mismatch
- debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
records in lib/dns/resolver.c.
- CVE-2016-9131
* SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
- debian/patches/CVE-2016-9147.patch: fix logic when records are
returned without the requested data in lib/dns/resolver.c.
- CVE-2016-9147
* SECURITY UPDATE: assertion failure via unusually-formed DS record
- debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
lib/dns/message.c, lib/dns/resolver.c.
- CVE-2016-9444
* SECURITY UPDATE: regression in CVE-2016-8864
- debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
responses in lib/dns/resolver.c, added tests to
bin/tests/system/dname/ns2/example.db,
bin/tests/system/dname/tests.sh.
- No CVE number
-- Marc Deslauriers <email address hidden> Mon, 09 Jan 2017 08:37:39 -0500
-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: denial of service via responses containing a DNAME
answer
- debian/patches/CVE-2016-8864.patch: remove assertion failure in
lib/dns/resolver.c.
- CVE-2016-8864
-- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 08:53:39 -0400
-
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1) yakkety; urgency=medium
* SECURITY UPDATE: denial of service via assertion failure
- debian/patches/CVE-2016-2776.patch: properly handle lengths in
lib/dns/message.c.
- CVE-2016-2776
-- Marc Deslauriers <email address hidden> Tue, 04 Oct 2016 14:31:17 -0400
-
bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium
* Non-maintainer upload.
* Add explicit ordering for nss-lookup.target in bind9.service,
lwresd.service. Patches by Michael Biebl <email address hidden>.
(Closes: #826243, #826245)
-- Christian Hofstaedtler <email address hidden> Sat, 02 Jul 2016 14:32:50 +0200
-
bind9 (1:9.10.3.dfsg.P4-10) unstable; urgency=medium
* Use python3
-- LaMont Jones <email address hidden> Tue, 03 May 2016 17:39:49 -0600
-
bind9 (1:9.10.3.dfsg.P4-9) unstable; urgency=medium
* Fix bad patch from when we switched to quilt. Closes: #820847 LP:
#1552801, #1549788, #1553460
* freshen patch to remove fuzz.
-- LaMont Jones <email address hidden> Tue, 26 Apr 2016 15:17:58 -0600
-
bind9 (1:9.10.3.dfsg.P4-8) unstable; urgency=medium
[Timo Aaltonen]
* Fix bind9-resolvconf.service installation.
* Add support for native pkcs11. LP: #1565392
[Samuel Thibault]
* Detect in6_pktinfo on hurd-i386. Closes: #820404
-- LaMont Jones <email address hidden> Wed, 13 Apr 2016 13:19:37 -0600
