Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-15105

Source

Debian Bug report logs - #887733
unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records

Package: src:unbound; Maintainer for src:unbound is unbound packagers <unbound@packages.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 19 Jan 2018 13:57:02 UTC

Severity: serious

Tags: patch, security, upstream

Found in versions unbound/1.4.22-3, unbound/1.4.22-1, unbound/1.6.7-1

Fixed in versions unbound/1.7.1-1, unbound/1.6.0-3+deb9u2

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>:
Bug#887733; Package src:unbound. (Fri, 19 Jan 2018 13:57:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>. (Fri, 19 Jan 2018 13:57:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: unbound
Version: 1.6.7-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for unbound.

CVE-2017-15105[0]:
vulnerability in the processing of wildcard synthesized NSEC records

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15105
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15105
[1] https://unbound.net/downloads/CVE-2017-15105.txt
[2] https://unbound.net/downloads/patch_cve_2017_15105.diff

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Marked as found in versions unbound/1.4.22-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 24 Jan 2018 19:30:03 GMT) (full text, mbox, link).

Severity set to 'serious' from 'important' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 24 Jan 2018 19:30:04 GMT) (full text, mbox, link).

Marked as found in versions unbound/1.4.22-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 24 Jan 2018 20:42:05 GMT) (full text, mbox, link).

Marked as fixed in versions unbound/1.7.1-1. Request was from Simon Deziel <simon@sdeziel.info> to control@bugs.debian.org. (Sun, 27 May 2018 18:18:02 GMT) (full text, mbox, link).

Marked as fixed in versions unbound/1.6.0-3+deb9u2. Request was from Scott Kitterman <scott@kitterman.com> to control@bugs.debian.org. (Wed, 06 Feb 2019 05:33:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, unbound packagers <unbound@packages.debian.org>:
Bug#887733; Package src:unbound. (Fri, 12 Apr 2019 22:15:02 GMT) (full text, mbox, link).

Acknowledgement sent to Maximilian Engelhardt <maxi@daemonizer.de>:
Extra info received and forwarded to list. Copy sent to unbound packagers <unbound@packages.debian.org>. (Fri, 12 Apr 2019 22:15:02 GMT) (full text, mbox, link).

Message #20 received at 887733@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

This bug is still open but has been marked as fixed in the versions currently 
in testing/unstable and stable. It also has been fixed in oldstable-security. 
Should it be closed or is there any reason to still keep it open?

[signature.asc (application/pgp-signature, inline)]

Marked Bug as done Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 13 Apr 2019 07:30:06 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 13 Apr 2019 07:30:06 GMT) (full text, mbox, link).

Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#887733. (Sat, 13 Apr 2019 07:30:07 GMT) (full text, mbox, link).

Message #27 received at 887733-submitter@bugs.debian.org (full text, mbox, reply):

close 887733 1.7.1-1
thanks

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 12 May 2019 07:26:51 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:22:57 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records

Debian Bug report logs - #887733
unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records

Vulmon Search

About

Products

Connect

unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records

Debian Bug report logs - #887733 unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records

Vulmon Search

About

Products

Connect

Debian Bug report logs - #887733
unbound: CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records