knot: CVE-2016-6171: Improper restriction of zone size limit

Related Vulnerabilities: CVE-2016-6171  

Debian Bug report logs - #830809
knot: CVE-2016-6171: Improper restriction of zone size limit

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 11 Jul 2016 19:00:01 UTC

Severity: important

Tags: security, upstream

Found in version knot/2.2.1-1

Fixed in version knot/2.3.0-1

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://gitlab.labs.nic.cz/labs/knot/issues/464


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>:
Bug#830809; Package src:knot. (Mon, 11 Jul 2016 19:00:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>. (Mon, 11 Jul 2016 19:00:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: knot: CVE-2016-6171: Improper restriction of zone size limit
Date: Mon, 11 Jul 2016 20:57:59 +0200
Source: knot
Version: 2.2.1-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.labs.nic.cz/labs/knot/issues/464

Hi,

the following vulnerability was published for knot.

CVE-2016-6171[0]:
Improper restriction of zone size limit 

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6171
[1] https://gitlab.labs.nic.cz/labs/knot/issues/464

Please adjust the affected versions in the BTS as needed. This does
not warrant a DSA, it is marked already as no-dsa in the
security-tracker.

Regards,
Salvatore



Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Fri, 12 Aug 2016 16:03:18 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 12 Aug 2016 16:03:18 GMT)


Message #10 received at 830809-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 830809-close@bugs.debian.org
Subject: Bug#830809: fixed in knot 2.3.0-1
Date: Fri, 12 Aug 2016 16:01:57 +0000
Source: knot
Source-Version: 2.3.0-1

We believe that the bug you reported is fixed in the latest version of
knot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 830809@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated knot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 10 Aug 2016 09:16:35 +0200
Source: knot
Binary: knot libknot3 libzscanner1 libdnssec2 libknot-dev knot-dnsutils knot-host knot-doc
Architecture: source amd64 all
Version: 2.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 knot       - authoritative domain name server
 knot-dnsutils - Clients provided with Knot DNS (kdig, knslookup, knsupdate)
 knot-doc   - Documentation for Knot DNS
 knot-host  - Version of 'host' bundled with Knot DNS
 libdnssec2 - authoritative domain name server
 libknot-dev - authoritative domain name server
 libknot3   - authoritative domain name server
 libzscanner1 - authoritative domain name server
Closes: 830809
Changes:
 knot (2.3.0-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.3.0
    + Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171)
      (Closes: #830809)
   * Restructure d/rules so dh_install --fail-missing works again
   * Upstream bumped SOVERSION to libknot3, libdnssec2 and libzscanner1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Sep 2016 07:25:58 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:07:10 2019; Machine Name: buxtehude
