CVE-2020-17482

Related Vulnerabilities: CVE-2020-17482  

Debian Bug report logs - #970737
CVE-2020-17482


Reported by: Chris Hofstaedtler <zeha@debian.org>

Date: Tue, 22 Sep 2020 19:09:01 UTC

Severity: important

Tags: security

Found in versions pdns/4.1.6-3, pdns/4.0.3-1, pdns/4.3.0-5

Fixed in version pdns/4.3.1-1

Done: Chris Hofstaedtler <zeha@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, pdns packagers <pdns@packages.debian.org>:
Bug#970737; Package src:pdns. (Tue, 22 Sep 2020 19:09:03 GMT)


Acknowledgement sent to Chris Hofstaedtler <zeha@debian.org>:
New Bug report received and forwarded. Copy sent to pdns packagers <pdns@packages.debian.org>. (Tue, 22 Sep 2020 19:09:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Chris Hofstaedtler <zeha@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2020-17482
Date: Tue, 22 Sep 2020 21:05:39 +0200
Source: pdns
Severity: important
Tags: security
Control: found -1 4.0.3-1
Control: found -1 4.1.6-3
Control: found -1 4.3.0-5

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
Leaking uninitialised memory through crafted zone records




Marked as found in versions pdns/4.0.3-1. Request was from Chris Hofstaedtler <zeha@debian.org> to submit@bugs.debian.org. (Tue, 22 Sep 2020 19:09:03 GMT)


Marked as found in versions pdns/4.1.6-3. Request was from Chris Hofstaedtler <zeha@debian.org> to submit@bugs.debian.org. (Tue, 22 Sep 2020 19:09:04 GMT)


Marked as found in versions pdns/4.3.0-5. Request was from Chris Hofstaedtler <zeha@debian.org> to submit@bugs.debian.org. (Tue, 22 Sep 2020 19:09:04 GMT)


Reply sent to Chris Hofstaedtler <zeha@debian.org>:
You have taken responsibility. (Tue, 22 Sep 2020 22:00:07 GMT)


Notification sent to Chris Hofstaedtler <zeha@debian.org>:
Bug acknowledged by developer. (Tue, 22 Sep 2020 22:00:07 GMT)


Message #16 received at 970737-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 970737-close@bugs.debian.org
Subject: Bug#970737: fixed in pdns 4.3.1-1
Date: Tue, 22 Sep 2020 21:56:17 +0000
Source: pdns
Source-Version: 4.3.1-1
Done: Chris Hofstaedtler <zeha@debian.org>

We believe that the bug you reported is fixed in the latest version of
pdns, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 970737@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <zeha@debian.org> (supplier of updated pdns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 22 Sep 2020 20:25:52 +0000
Source: pdns
Architecture: source
Version: 4.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: pdns packagers <pdns@packages.debian.org>
Changed-By: Chris Hofstaedtler <zeha@debian.org>
Closes: 970737
Changes:
 pdns (4.3.1-1) unstable; urgency=medium
 .
   * New upstream version 4.3.1
     Fixes CVE-2020-17482 (Closes: #970737)
   * Remove upstream-applied patch for MySQL stored procedures.






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Sep 23 10:24:37 2020; Machine Name: buxtehude
