Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon).
Reported by: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 27 Sep 2016 17:21:02 UTC
Severity: grave
Tags: security
Found in versions bind9/1:9.8.4.dfsg.P1-6+nmu3, bind9/1:9.10.3.dfsg.P4-10.1
Fixed in versions bind9/1:9.9.5.dfsg-9+deb8u7, bind9/1:9.10.4-P5-1, bind9/1:9.10.3.dfsg.P4-11
Done: Michael Gilbert <mgilbert@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Tue, 27 Sep 2016 17:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Florian Weimer <fw@deneb.enyo.de>
:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>
.
(Tue, 27 Sep 2016 17:21:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: bind9 Version: 1:9.10.3.dfsg.P4-10.1 Tags: security Severity: grave ISC has released a security alert at <https://kb.isc.org/article/AA-01419> Relevant information from this report follows: CVE: CVE-2016-2776 Document Version: 2.0 Posting date: 2016-09-27 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3, 9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1 Severity: High Exploitable: Remotely Description: Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries (i.e. doesn't match 'allow-query'). Impact: All servers are vulnerable if they can receive request packets from any source.
Marked as found in versions bind9/1:9.8.4.dfsg.P1-6+nmu3.
Request was from Adrian Bunk <bunk@stusta.de>
to control@bugs.debian.org
.
(Wed, 28 Sep 2016 09:30:02 GMT) (full text, mbox, link).
Marked as fixed in versions bind9/1:9.9.5.dfsg-9+deb8u7.
Request was from Adrian Bunk <bunk@stusta.de>
to control@bugs.debian.org
.
(Wed, 28 Sep 2016 09:30:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Mon, 03 Oct 2016 13:18:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Aleksi Suhonen <debian-reportbug-2016@ssd.axu.tm>
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Mon, 03 Oct 2016 13:18:08 GMT) (full text, mbox, link).
Message #14 received at 839010@bugs.debian.org (full text, mbox, reply):
Hello, Does the patch for this bug clash with some Debian special patch, or why isn't it being applied to the sid package? Best regards, -- Aleksi Suhonen () ascii ribbon campaign /\ support plain text e-mail
Reply sent
to Florian Weimer <fw@deneb.enyo.de>
:
You have taken responsibility.
(Mon, 03 Oct 2016 22:06:14 GMT) (full text, mbox, link).
Notification sent
to Florian Weimer <fw@deneb.enyo.de>
:
Bug acknowledged by developer.
(Mon, 03 Oct 2016 22:06:14 GMT) (full text, mbox, link).
Message #19 received at 839010-close@bugs.debian.org (full text, mbox, reply):
Source: bind9 Source-Version: 1:9.9.5.dfsg-9+deb8u7 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 839010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Florian Weimer <fw@deneb.enyo.de> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 27 Sep 2016 19:46:00 +0200 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb Architecture: source all amd64 Version: 1:9.9.5.dfsg-9+deb8u7 Distribution: jessie-security Urgency: high Maintainer: LaMont Jones <lamont@debian.org> Changed-By: Florian Weimer <fw@deneb.enyo.de> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-90 - BIND9 Shared Library used by BIND libdns-export100 - Exported DNS Shared Library libdns-export100-udeb - Exported DNS library for debian-installer (udeb) libdns100 - DNS Shared Library used by BIND libirs-export91 - Exported IRS Shared Library libirs-export91-udeb - Exported IRS library for debian-installer (udeb) libisc-export95 - Exported ISC Shared Library libisc-export95-udeb - Exported ISC library for debian-installer (udeb) libisc95 - ISC Shared Library used by BIND libisccc90 - Command Channel Library used by BIND libisccfg-export90 - Exported ISC CFG Shared Library libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg90 - Config File Handling Library used by BIND liblwres90 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 831796 839010 Changes: bind9 (1:9.9.5.dfsg-9+deb8u7) jessie-security; urgency=high . * CVE-2016-2775: lwresd crash with long query name. Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232. Closes: #831796. * CVE-2016-2776: assertion failure due to unspecified crafted query. Fix based on 43139-9-9.patch from ISC. Closes: #839010. Checksums-Sha1: 59538c1b3bd16b405ee8643faecd56276612bb4c 3116 bind9_9.9.5.dfsg-9+deb8u7.dsc 20df2c3491f36787547e18bbc06b3e6c25845154 121116 bind9_9.9.5.dfsg-9+deb8u7.diff.gz e6d91efa2476ed6d911299668f8fa2413fc85e04 338634 bind9-doc_9.9.5.dfsg-9+deb8u7_all.deb f110441cfca25acf6eae31392a49c2526e1ed944 23326 host_9.9.5.dfsg-9+deb8u7_all.deb 51faace2d1c5079bb8334d36385f1cb821770709 314658 bind9_9.9.5.dfsg-9+deb8u7_amd64.deb f45539818ade2126e3728df8e2064dae78d31e57 167200 bind9utils_9.9.5.dfsg-9+deb8u7_amd64.deb 163346f61748de37578208b408456e9e72d990f3 67456 bind9-host_9.9.5.dfsg-9+deb8u7_amd64.deb 251c9c6ad595c1acdb43340a9bfc7e457ccb62b3 1230914 libbind-dev_9.9.5.dfsg-9+deb8u7_amd64.deb d3413c2dafbc4e191b7ecb7037b6d26046499d0d 43034 libbind9-90_9.9.5.dfsg-9+deb8u7_amd64.deb 6f5881ebbfccc659337f110e23e576735cc32240 679836 libdns100_9.9.5.dfsg-9+deb8u7_amd64.deb f24f6654ba5d85594867f3f0bf50438da4943eb9 168084 libisc95_9.9.5.dfsg-9+deb8u7_amd64.deb 49da22e059c3ce31b552259802049b3638686722 52678 liblwres90_9.9.5.dfsg-9+deb8u7_amd64.deb f5152e9902d7e76e925f098c2328603b08f578aa 36326 libisccc90_9.9.5.dfsg-9+deb8u7_amd64.deb 3aa4b9f97741e44048cd7deda002bb81c3339599 56894 libisccfg90_9.9.5.dfsg-9+deb8u7_amd64.deb 68fe2588ed8a28c2844c27ac239e1aaf27f2d645 118648 dnsutils_9.9.5.dfsg-9+deb8u7_amd64.deb 21fdf3458a56e93d22ab4dd58f6afd378ed20517 231210 lwresd_9.9.5.dfsg-9+deb8u7_amd64.deb 6539f2b30336e414415e164f6b8f9d9ba8ea3247 829602 libbind-export-dev_9.9.5.dfsg-9+deb8u7_amd64.deb 7d0e52077c26c2137cd7ba520324ffa7b2e11806 456102 libdns-export100_9.9.5.dfsg-9+deb8u7_amd64.deb 25910d94089284a4a6cfcc0e4c93fde3dec99d89 434026 libdns-export100-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 492c1807ff63d2509e5b673b1d0d24ec9eb14456 140402 libisc-export95_9.9.5.dfsg-9+deb8u7_amd64.deb 4945cb9ef81a5597fe8398e19f503d75a12cc017 117278 libisc-export95-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 06f4ec52ddc936d23c04138210d3de9b471ecd41 40522 libisccfg-export90_9.9.5.dfsg-9+deb8u7_amd64.deb 22f340c006b83e7a0197ef2d9a8cb91df95a6aa9 17570 libisccfg-export90-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb ec3412ad354be63238f7e9b321e9faaac46b96c9 38234 libirs-export91_9.9.5.dfsg-9+deb8u7_amd64.deb 69200cc524956e99ddfb2b509cf4c3edbdfa9d34 15360 libirs-export91-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb Checksums-Sha256: b726f8405202216606066177f75a451a4149bef222756ade2dbcd3146411374e 3116 bind9_9.9.5.dfsg-9+deb8u7.dsc 7f4132b821afb96d247190866a58a3cf60ec55ac958c06d4bdfc126a77c393fc 121116 bind9_9.9.5.dfsg-9+deb8u7.diff.gz 19b6d0cffbbaeb769b0cb385b610fcff6f462adbcb25cdeea0a07651c9f98f29 338634 bind9-doc_9.9.5.dfsg-9+deb8u7_all.deb 326ec7bbea0f2576147f34a52cdafa8ab5e7432de640c42ef3c2124aaf23f880 23326 host_9.9.5.dfsg-9+deb8u7_all.deb 34e65cebadefee898339c9496cdc7d29849cd154344dcf8b7ef6cd1bbfdcdbdc 314658 bind9_9.9.5.dfsg-9+deb8u7_amd64.deb 69d819363039bb8c7706742b695bbc9a164b9b9ff515c91e6f809f1433676506 167200 bind9utils_9.9.5.dfsg-9+deb8u7_amd64.deb e2f9ed4a7c1fb9f65c63eb71ae1790bbefb448da8af66893766dc54ce0cf6880 67456 bind9-host_9.9.5.dfsg-9+deb8u7_amd64.deb 469043db169474f901c8bbbf902d372f313c8799ce2ea9c487079d6486c4af06 1230914 libbind-dev_9.9.5.dfsg-9+deb8u7_amd64.deb 92f22ab5d0178ac8ef4fcb9f0ef0ba53690ba1b4ca95abcb7a98a228d697a533 43034 libbind9-90_9.9.5.dfsg-9+deb8u7_amd64.deb 4c66036789a773b0c4f187872f10c5baaff94a1f55f6488fe6aa0cfa6385f641 679836 libdns100_9.9.5.dfsg-9+deb8u7_amd64.deb 33dcf05d7d6e30501bccc98daed5a67afd8f912a1e9d8fd6b7bea8761ea39fcd 168084 libisc95_9.9.5.dfsg-9+deb8u7_amd64.deb fcc1875ffb610f75f6b8b0541ac3c255084297de0b632a608baa333907232ddf 52678 liblwres90_9.9.5.dfsg-9+deb8u7_amd64.deb b17f8172454b8ab6984aafee2b6463bb86913c887ec58551f43df89860b9b9b8 36326 libisccc90_9.9.5.dfsg-9+deb8u7_amd64.deb b1762c0a6343dbfd382648f919736c83b7a74c6f0437f514dfc7a76297db348f 56894 libisccfg90_9.9.5.dfsg-9+deb8u7_amd64.deb eb98359e9a45af8e56809d265dbc717a51d0afd5c829030cab038a7bbb27f8b0 118648 dnsutils_9.9.5.dfsg-9+deb8u7_amd64.deb 305972bb8e72633594964e4ef4d83fcfff145d4a8e0f7d104321d412d4d0129b 231210 lwresd_9.9.5.dfsg-9+deb8u7_amd64.deb 2959c6df75b505b7fbbecf95a52afd4db054c7b0839949394e13be333091b76c 829602 libbind-export-dev_9.9.5.dfsg-9+deb8u7_amd64.deb 9107b493e60f1e009aafa56ab58a4dd807f4bb87304f754596db96e662014a61 456102 libdns-export100_9.9.5.dfsg-9+deb8u7_amd64.deb 9b7a437abbad8b7752c402da174f2a61fe51a41926faf7e70c1b8ec8a1c107e6 434026 libdns-export100-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 3ce19741cffac901f49962986ffe3ea7ad7fed460c5dec04af7d250d2d118305 140402 libisc-export95_9.9.5.dfsg-9+deb8u7_amd64.deb 8ed1130e052e7902a099ecc0e50e166336186da0833c6c884514f735adccc5ab 117278 libisc-export95-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 9cf944a6ae4e64f40a062ac53e7abf8cedbb2ff54c1753811ce37d506dfabb37 40522 libisccfg-export90_9.9.5.dfsg-9+deb8u7_amd64.deb 53657520a8f392d1e26313b104d46b68b2105d7da32bee8003bb74eedfd86a5d 17570 libisccfg-export90-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 6500fd13a1061512ef6c55451bc8475b52d14907cbe76b694f72df1b55a1d312 38234 libirs-export91_9.9.5.dfsg-9+deb8u7_amd64.deb 938dfa12723de337c9646b0cf520210535f8091b52c238d01a33861253e635fd 15360 libirs-export91-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb Files: fffc418805dc32e50faac2e00bc68c0e 3116 net optional bind9_9.9.5.dfsg-9+deb8u7.dsc bc98e55116ada5b82d39e197123c1438 121116 net optional bind9_9.9.5.dfsg-9+deb8u7.diff.gz 2b48c1c8f31d93e9152c702a8a314c3e 338634 doc optional bind9-doc_9.9.5.dfsg-9+deb8u7_all.deb 6bcee4d09a8b4615baba098b729b5e5e 23326 net standard host_9.9.5.dfsg-9+deb8u7_all.deb b292a13c010f30755f108697152f05b8 314658 net optional bind9_9.9.5.dfsg-9+deb8u7_amd64.deb 666ea1d2166ec0c85f3a473e5a9ef6a8 167200 net optional bind9utils_9.9.5.dfsg-9+deb8u7_amd64.deb 60a1317dc5fda12d07d3ab93e5c3f21e 67456 net standard bind9-host_9.9.5.dfsg-9+deb8u7_amd64.deb b3a35f4154c6cff4e0411103410f6dc7 1230914 libdevel optional libbind-dev_9.9.5.dfsg-9+deb8u7_amd64.deb f0fe289a501b2fd13c067c1e1a3ffb25 43034 libs standard libbind9-90_9.9.5.dfsg-9+deb8u7_amd64.deb 002c0ba669bce7f249133f5e441b2212 679836 libs standard libdns100_9.9.5.dfsg-9+deb8u7_amd64.deb 6cb086c5eb56fc4252131c2217f7f215 168084 libs standard libisc95_9.9.5.dfsg-9+deb8u7_amd64.deb 0ae37bc4600214e0a693096827c6c77b 52678 libs standard liblwres90_9.9.5.dfsg-9+deb8u7_amd64.deb 976b1efe98995e4600a479b426c39059 36326 libs optional libisccc90_9.9.5.dfsg-9+deb8u7_amd64.deb 3e6acb8e5b935ae8e223bd7c2e9e4647 56894 libs optional libisccfg90_9.9.5.dfsg-9+deb8u7_amd64.deb 65ff25c0467fe745e30c67cc2264c521 118648 net standard dnsutils_9.9.5.dfsg-9+deb8u7_amd64.deb 152d1364e4f60dcf72bdeeffecabc865 231210 net optional lwresd_9.9.5.dfsg-9+deb8u7_amd64.deb 54c1161f95a4ed83a133b2e2567b5237 829602 libdevel optional libbind-export-dev_9.9.5.dfsg-9+deb8u7_amd64.deb da2b4efb39c297f33e54d3bbe82097e2 456102 libs optional libdns-export100_9.9.5.dfsg-9+deb8u7_amd64.deb 09f4f77f0f21dbfd2a6d3ddfd471d666 434026 debian-installer optional libdns-export100-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 2107da2a60a0f217c95ef3bf323b3930 140402 libs optional libisc-export95_9.9.5.dfsg-9+deb8u7_amd64.deb dc3477f7d75d7877d0e2263b044d0749 117278 debian-installer optional libisc-export95-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 9e1ab1fd29f6c8069e80491e8e7a33b1 40522 libs optional libisccfg-export90_9.9.5.dfsg-9+deb8u7_amd64.deb 98b6895daf97257253f025596de7d587 17570 debian-installer optional libisccfg-export90-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb 8edf7d0a34ee1811ade981e0a9c58c9c 38234 libs optional libirs-export91_9.9.5.dfsg-9+deb8u7_amd64.deb 7add895d3896f56f28b6747fa68aaa2a 15360 debian-installer optional libirs-export91-udeb_9.9.5.dfsg-9+deb8u7_amd64.udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJX6sAAAAoJEL97/wQC1SS+kL8H/14Rq/UycFfxiRP31kPB/S0g rzLA7YK6+PgMRAzOjpbENgRKL4fmoPdg2ak2mF4dOLWpR+0u3a1+A49OhlWKK+ra qBLvEwCDG1pakxp33TgfODN4iFvMSJ9IzntJ9BJtGtU1dRclYmpAmdfu/UA7HyOb fOMovPV/spO5alxGoyHJVOmrb9OR9G4bNqpfnqgdNsCHFze0DubmAWIErOLOjDjp 3xWB6PX9QyCXxSvDs6vVHRW2HgvSU4S3bWRRTLKWO/RPdw2lObnG9+IBpfxcvl/5 VGMmmciZKxbDWIhjGSNCrbA2Hrz/f4v+nSNAjSDmshoYYewcHgIdL/0DAznSF0w= =LlfB -----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Mon, 03 Oct 2016 22:39:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Aleksi Suhonen <debian-reportbug-2016@ssd.axu.tm>
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Mon, 03 Oct 2016 22:39:02 GMT) (full text, mbox, link).
Message #24 received at 839010@bugs.debian.org (full text, mbox, reply):
Hi, Bug 839010 was filed against Debian/stable AND Debian/unstable. There is a fix for the stable package, but according to the opening statement of the bug, it is still found in the unstable package at version 1:9.10.3.dfsg.P4-10.1, which is the newest package version in unstable. So the bug cannot be closed until it has been fixed in both branches. 1:9.9.5.dfsg-9+deb8u7 doesn't upgrade 1:9.10.3.dfsg.P4-10.1. What am I missing? -- Aleksi Suhonen () ascii ribbon campaign /\ support plain text e-mail
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Tue, 04 Oct 2016 10:33:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Tue, 04 Oct 2016 10:33:09 GMT) (full text, mbox, link).
Message #29 received at 839010@bugs.debian.org (full text, mbox, reply):
Hi, On Tue, Oct 04, 2016 at 01:37:06AM +0300, Aleksi Suhonen wrote: > Hi, > > Bug 839010 was filed against Debian/stable AND Debian/unstable. There is a > fix for the stable package, but according to the opening statement of the > bug, it is still found in the unstable package at version > 1:9.10.3.dfsg.P4-10.1, which is the newest package version in unstable. > > So the bug cannot be closed until it has been fixed in both branches. > 1:9.9.5.dfsg-9+deb8u7 doesn't upgrade 1:9.10.3.dfsg.P4-10.1. What am I > missing? No reopening is not needed, since the Debian BTS hast the version tracking and correctly detects that the version for unstable/stretch is not yet fixed. Cf. as well the graph in #839010. Does this help? Regards, Salvatore
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 05 Dec 2016 07:50:10 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Don Armstrong <don@debian.org>
to control@bugs.debian.org
.
(Wed, 07 Dec 2016 01:57:20 GMT) (full text, mbox, link).
Reply sent
to Michael Gilbert <mgilbert@debian.org>
:
You have taken responsibility.
(Tue, 17 Jan 2017 15:03:23 GMT) (full text, mbox, link).
Notification sent
to Florian Weimer <fw@deneb.enyo.de>
:
Bug acknowledged by developer.
(Tue, 17 Jan 2017 15:03:23 GMT) (full text, mbox, link).
Message #38 received at 839010-close@bugs.debian.org (full text, mbox, reply):
Source: bind9 Source-Version: 1:9.10.4-P5-1 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 839010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 15 Jan 2017 06:04:12 +0000 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns165 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export165 libdns-export165-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb Architecture: source amd64 all Version: 1:9.10.4-P5-1 Distribution: experimental Urgency: medium Maintainer: LaMont Jones <lamont@debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-140 - BIND9 Shared Library used by BIND libdns-export165 - Exported DNS Shared Library libdns-export165-udeb - Exported DNS library for debian-installer (udeb) libdns165 - DNS Shared Library used by BIND libirs-export141 - Exported IRS Shared Library libirs-export141-udeb - Exported IRS library for debian-installer (udeb) libirs141 - DNS Shared Library used by BIND libisc-export160 - Exported ISC Shared Library libisc-export160-udeb - Exported ISC library for debian-installer (udeb) libisc160 - ISC Shared Library used by BIND libisccc-export140 - Command Channel Library used by BIND libisccc-export140-udeb - Command Channel Library used by BIND (udeb) libisccc140 - Command Channel Library used by BIND libisccfg-export140 - Exported ISC CFG Shared Library libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg140 - Config File Handling Library used by BIND liblwres141 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 828082 830810 831796 839010 842858 851062 851063 851065 Changes: bind9 (1:9.10.4-P5-1) experimental; urgency=medium . * New upstream: 9.10.4-P5 - Fixes CVE-2016-2775: crash in lwresd due to a long query name (closes: #831796). - Fixes CVE-2016-2776: maliciously crafted query can cause named to crash (closes: #839010). - Fixes CVE-2016-6170: improper zone size limits (closes: #830810). - Fixes CVE-2016-8864: incorrect handling of a DNAME record can cause named to crash (closes: #842858). - Fixes CVE-2016-9131: maliciously crafted response to an ANY query can cause named to crash (closes: #851065). - Fixes CVE-2016-9147: query with contradictory DNSSEC information can cause named to crash (closes: #851063). - Fixes CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS) record can cause named to crash (closes: #851062). * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now (closes: #828082). * Update debian/copyright to format 1.0. * Add upstream signing key. Checksums-Sha1: 951ef7719896f2e0ab0f76f2b65cc33fb7da902d 4394 bind9_9.10.4-P5-1.dsc 3d6ddef3d0f8480c6bd462fb63064a6e362b864a 9247565 bind9_9.10.4-P5.orig.tar.gz 49f9a9c92a2919596fcb77548a659987a6496f9f 71688 bind9_9.10.4-P5-1.debian.tar.xz 301ee8884b19407803ae26df86113fcaec48cd54 1523414 bind9-dbgsym_9.10.4-P5-1_amd64.deb 507749c00c7bb7369592b95d047af8902be67490 386008 bind9-doc_9.10.4-P5-1_all.deb 85e8595094bf0440f39fb0bc44b1bb8960324fb1 88342 bind9-host-dbgsym_9.10.4-P5-1_amd64.deb 053a25058aeda39bb18a855d428c930887dc3f2b 234900 bind9-host_9.10.4-P5-1_amd64.deb 4fa3adfc750e9ce4cf9ac290dab0592c29ea5b21 18357 bind9_9.10.4-P5-1_amd64.buildinfo fb87eb8c21ce11d1b02a1bde704b5079cd358809 557382 bind9_9.10.4-P5-1_amd64.deb 40890e94b932eb91669c8835b5041e6922ab1895 894936 bind9utils-dbgsym_9.10.4-P5-1_amd64.deb a9a39c110158e867dc6f3a91fd33acb98c2554e2 382884 bind9utils_9.10.4-P5-1_amd64.deb b213ddd07e77472329ed7b25c1a456d023381aaa 240166 dnsutils-dbgsym_9.10.4-P5-1_amd64.deb 011d3cf8de05e8ec9a79e6c8846910cdf5a0075f 288670 dnsutils_9.10.4-P5-1_amd64.deb 8d1fa4f64dabc00f4034f3d2a2ff32c541d6e2ea 188490 host_9.10.4-P5-1_all.deb 861b857b8fecba3594f75397d6bc209848204fa5 1589596 libbind-dev_9.10.4-P5-1_amd64.deb 1a95ae8e2f6ddd32eadd9460cff8ca0907366ac4 1430980 libbind-export-dev_9.10.4-P5-1_amd64.deb 085ef93e44dfe458d0174a4d700680905da3b774 49594 libbind9-140-dbgsym_9.10.4-P5-1_amd64.deb 85aa0c8945c75fa7227e5dfd7f81871220821378 209856 libbind9-140_9.10.4-P5-1_amd64.deb e1b5d1ad570a8d1dfe02c094187e4d92dbce213f 2037162 libdns-export165-dbgsym_9.10.4-P5-1_amd64.deb d628100da309421d9ef0caa28d9c9f4ddbb5dca7 677488 libdns-export165-udeb_9.10.4-P5-1_amd64.udeb 1f9035be411123fae46f0b1f5269ed8f2e89c8f6 864084 libdns-export165_9.10.4-P5-1_amd64.deb c5743677721c86838301d41063ab958920e819b3 4523926 libdns165-dbgsym_9.10.4-P5-1_amd64.deb d826e1d4801074999e92d999982e87dc2fcafedf 1097836 libdns165_9.10.4-P5-1_amd64.deb 3f4965b6284f3a4fbd41893f65b60f64f1af5012 52468 libirs-export141-dbgsym_9.10.4-P5-1_amd64.deb 47163f98a4ab67fad7ea53a66a4af95ad67508ae 15022 libirs-export141-udeb_9.10.4-P5-1_amd64.udeb b38d4ab3fee213d75988f2838f929fdf3497d60c 203088 libirs-export141_9.10.4-P5-1_amd64.deb 966f8f451938f278fd1450c8c04a7aefbbfbfa57 54948 libirs141-dbgsym_9.10.4-P5-1_amd64.deb fafb9da8c7dcefd8cb88cef9a21e8a2a6d0dbccd 203580 libirs141_9.10.4-P5-1_amd64.deb 69b5a754a9ff0528524b5cfd149a99c62d2f71e8 365596 libisc-export160-dbgsym_9.10.4-P5-1_amd64.deb ffc66c031841c37c8c811dd16d5a5b20cd0e2643 151850 libisc-export160-udeb_9.10.4-P5-1_amd64.udeb b872943b24ae4bf998fc3ba9c443d312ad5c7c67 339714 libisc-export160_9.10.4-P5-1_amd64.deb 20ae0040b249f9b5c2db1458e16ea5e9eb666a87 838052 libisc160-dbgsym_9.10.4-P5-1_amd64.deb e32f028ea207a461d799c54a1f53df77f54a7072 403318 libisc160_9.10.4-P5-1_amd64.deb 2f96d2768f482ce7f39f5c042b6dd1571bf2d0eb 35040 libisccc-export140-dbgsym_9.10.4-P5-1_amd64.deb 2ac2ec33601191ec9f5ed83b67f033fb3090bba8 13752 libisccc-export140-udeb_9.10.4-P5-1_amd64.udeb 57b0feb5d9496e4b4dbc3e5c07f61d2170fd56d5 201676 libisccc-export140_9.10.4-P5-1_amd64.deb 18753b6c5af272825f7892991c4b34a7ac8cfbbf 36030 libisccc140-dbgsym_9.10.4-P5-1_amd64.deb 4f63e15adbba35fca4fb77812ede9a5c3cce0289 201828 libisccc140_9.10.4-P5-1_amd64.deb 5c527f2208970961e5c6676fe4a60cb3a27879c1 76838 libisccfg-export140-dbgsym_9.10.4-P5-1_amd64.deb 2945a88b80f33ec8b4e38c24fc1348f21f0d1cd7 36900 libisccfg-export140-udeb_9.10.4-P5-1_amd64.udeb 4ec374f54fd99d99794d0531392ff8ab08bab2ee 224664 libisccfg-export140_9.10.4-P5-1_amd64.deb 6f0f7672b859132e3dca8eda34f90fe8a7eefc3d 84608 libisccfg140-dbgsym_9.10.4-P5-1_amd64.deb e07e7b00f0d6d5e0fa37464ef23456affbea8090 226588 libisccfg140_9.10.4-P5-1_amd64.deb 9e6910740a949995c040f577a091327608250dfb 80830 liblwres141-dbgsym_9.10.4-P5-1_amd64.deb 7951fea7053fac31cf268b0e9ab9450eefbee80e 217624 liblwres141_9.10.4-P5-1_amd64.deb d637d2313da78dfd31c05ac8a58531bbfb78ba4e 710170 lwresd-dbgsym_9.10.4-P5-1_amd64.deb 314d280b39f2d2edefc32bf16143183b73e72f89 412046 lwresd_9.10.4-P5-1_amd64.deb Checksums-Sha256: d14c9a98e3c995d7af6587d6e0d1c59f69ce766a0bb88f70c61a7b12ad94d77c 4394 bind9_9.10.4-P5-1.dsc 334c6de6588e115b7b584fff9f318a0f1a9f419a645f4e4798029bbdbdbb3709 9247565 bind9_9.10.4-P5.orig.tar.gz 58d1abd7047875a165d5ab8c5bc6e399f76400ad301ebf1d33436cfde25e8a8d 71688 bind9_9.10.4-P5-1.debian.tar.xz 8e897c486f40a144e2d91836c6aef6a338251e4b0736a3f5a671fb345e44ac35 1523414 bind9-dbgsym_9.10.4-P5-1_amd64.deb 55f69d15cbcf7dd41287eb1c1ec6e7dcc2eb616efc00683a0294e7baa5798782 386008 bind9-doc_9.10.4-P5-1_all.deb 0ad4273e9f23f6acbd216f199731b5fa6b4f6829602615a74e9cacdaf115e794 88342 bind9-host-dbgsym_9.10.4-P5-1_amd64.deb baf1ee72a6d4cb494a72062a30d0cca2f9548740ccb970497acc42b3d3b0041e 234900 bind9-host_9.10.4-P5-1_amd64.deb 7f3b41413ffa8e3bf92e926d810288f2c4fd02d512bbfad9ff298e454524158f 18357 bind9_9.10.4-P5-1_amd64.buildinfo 119ca5791e97daf54b1001fea129de3be5cae2a125e0af440432663af5cb7069 557382 bind9_9.10.4-P5-1_amd64.deb 6cae7d8eeb143d52e2d0005d9a152e4d0c1d6c13bd6da90ecdb62e09b79b3b69 894936 bind9utils-dbgsym_9.10.4-P5-1_amd64.deb 83f9df5f709e0ebfa417ad0dc0598f9782ffd1e0a38d919e30cc4ed0302ea657 382884 bind9utils_9.10.4-P5-1_amd64.deb cd9bbcf737a5411019b05b4aeb81d87c8a794687de6536e48185695ccc843d7e 240166 dnsutils-dbgsym_9.10.4-P5-1_amd64.deb 254dbb7be3d2cb7ce7514bcd02900af19dbfcd5fc88f7a139ab52037a18cb13e 288670 dnsutils_9.10.4-P5-1_amd64.deb b88cdc91811b1baeb13d9409794b4b4a09e93b864f43df7fdf4b12ca4930ecbb 188490 host_9.10.4-P5-1_all.deb 5249c4eb5a983a7c602a2f995df7b5d802e8788e4ece0d079bcf0a0686bdbd8f 1589596 libbind-dev_9.10.4-P5-1_amd64.deb dfab1c91f81e5d3ef838d904bd470f7cb01ab2fc9aba978286158f251c799ca2 1430980 libbind-export-dev_9.10.4-P5-1_amd64.deb ddfdce5aafed53c1f45ff03b41068b9a4143875d79759af1222aac5534753364 49594 libbind9-140-dbgsym_9.10.4-P5-1_amd64.deb 76deda7607c602f9c649270676e28478e662ce0cff55662b740494c223da0701 209856 libbind9-140_9.10.4-P5-1_amd64.deb 3b7fc298703fdf46dffcb774142297d2a051da3c161b172d8b13190a998e03a4 2037162 libdns-export165-dbgsym_9.10.4-P5-1_amd64.deb a598ed95793edd872803e5e77d19d19dce8a95ea599be3d760996b70dede6dc9 677488 libdns-export165-udeb_9.10.4-P5-1_amd64.udeb 98af007d22ca5e641823a9716505d6bfe411585b2467bdfcb422a5ffe19c3465 864084 libdns-export165_9.10.4-P5-1_amd64.deb 1b3724ad0703d89f166fe431a2201fcc7d3befd135de1352e0176cda6ac61bd6 4523926 libdns165-dbgsym_9.10.4-P5-1_amd64.deb 1cb0c1334127d19c5aa8989ac5644eddaf6aadad34b8f9521a73775da16de5ef 1097836 libdns165_9.10.4-P5-1_amd64.deb 47f145b3d06b0c4cc558fb23a0e7af059ac6f72918ee36a3da2c6e572611d286 52468 libirs-export141-dbgsym_9.10.4-P5-1_amd64.deb a7ac57d1208a074a15bcd870caf25b25cb31312bc6d2facb55b11a454e5dbb85 15022 libirs-export141-udeb_9.10.4-P5-1_amd64.udeb 1a8bd53b5bf959eccb07f36cbc3b4d504fcc881f787f46f568a46c1343bdfa38 203088 libirs-export141_9.10.4-P5-1_amd64.deb 7dabcc27382149c67427aaa2bfe96d496025a7fba3a6b9d9cbb13e993484ca73 54948 libirs141-dbgsym_9.10.4-P5-1_amd64.deb c339595c6dc3d2fe3693bf221ef17d2cc9aa441ad3e9140278a6740991412c46 203580 libirs141_9.10.4-P5-1_amd64.deb 4574ce113f87ca16d9b137c29d122277f098dbc548a05cbc6960d51585240cd5 365596 libisc-export160-dbgsym_9.10.4-P5-1_amd64.deb 45671fd193d4c926c1f9a10a4462d265a3c6b423ed7fea86811e111b72da496f 151850 libisc-export160-udeb_9.10.4-P5-1_amd64.udeb 5d59363bf3a7f53b3595e7819fb641d2f9c3636cb33bdaf7ac81de848f93ba3d 339714 libisc-export160_9.10.4-P5-1_amd64.deb 2354b6660a02c6c9e71aa85ac4de469290e149171d8e96d32bc9ea14b30baeaa 838052 libisc160-dbgsym_9.10.4-P5-1_amd64.deb b53c6144fe9c004468f650e3695097951bd28e7bf81a85e2f77110d002a66525 403318 libisc160_9.10.4-P5-1_amd64.deb 733a1091969da47fa086b381f21c52e9fcd00af7dd5c1546c3b066e5ee25f6ec 35040 libisccc-export140-dbgsym_9.10.4-P5-1_amd64.deb fddb8983ad5379d5f6c73000a250660eb26a079faf61c4b32f85b46ea2243b14 13752 libisccc-export140-udeb_9.10.4-P5-1_amd64.udeb 346c04654b17fcebbae95a4b6922e6262fb4ba11a184eddf05654b160a7162e2 201676 libisccc-export140_9.10.4-P5-1_amd64.deb 25c803b51d7aff6143579994fcbc5847e0357eb4500614c88ad9d48cfb18db91 36030 libisccc140-dbgsym_9.10.4-P5-1_amd64.deb f34058da50675307f30f8046af5f37afc5fbfc6353c9341e473f7e04bda66ac1 201828 libisccc140_9.10.4-P5-1_amd64.deb 7ada91b720a50fecb8328fbd223709964ba7af572a6f0667cb859fd58153f0c1 76838 libisccfg-export140-dbgsym_9.10.4-P5-1_amd64.deb ae049905e94cc8a5ea679b091f85e9ea550e27d0c301fba36e8fc9f1535cdc18 36900 libisccfg-export140-udeb_9.10.4-P5-1_amd64.udeb c4993d092d0c6324cbceede0b4f7b504a49a280ff224c67829462648e0b4548b 224664 libisccfg-export140_9.10.4-P5-1_amd64.deb edea69b5d37b6f8e742dd5f1151c777e6fea62046db1d042e338088d3f0822cf 84608 libisccfg140-dbgsym_9.10.4-P5-1_amd64.deb e9d51c6be50c411194baed91045e6fa68f7def2125b9063d0645d16ce2b8e6b0 226588 libisccfg140_9.10.4-P5-1_amd64.deb 7a5e565d5cfea1f27642f0c51e165c1d2d177116e4a6be4673e6bf73360ac8ef 80830 liblwres141-dbgsym_9.10.4-P5-1_amd64.deb 83435f9a3fe4d3dedcc5e601828a112d2335b73c6e983bb01c855243887d5c8c 217624 liblwres141_9.10.4-P5-1_amd64.deb 0e2bee22819992d67b6f4bd8c0361676f93fb5eb175e53b9f7fa98b9e7245fd5 710170 lwresd-dbgsym_9.10.4-P5-1_amd64.deb aeff45d0b360739436357ae41b825bfecac7c5d4c3e0435a9205260f8a73282f 412046 lwresd_9.10.4-P5-1_amd64.deb Files: b564233ac8d3f0381cd7e18c28593f4e 4394 net optional bind9_9.10.4-P5-1.dsc 2e92300b570f2063e775a847450ed088 9247565 net optional bind9_9.10.4-P5.orig.tar.gz 2ca4ab0d2cf2975e202ce69d9ef28fd2 71688 net optional bind9_9.10.4-P5-1.debian.tar.xz e9a4928e91b96f46c09f0621efaf89b8 1523414 debug extra bind9-dbgsym_9.10.4-P5-1_amd64.deb f2110d0fc907b99623678731fde581a6 386008 doc optional bind9-doc_9.10.4-P5-1_all.deb 0deef1462435bdde4a7a178508878ca2 88342 debug extra bind9-host-dbgsym_9.10.4-P5-1_amd64.deb 98a8a9aa9f3e854ec0a96d65238d3720 234900 net standard bind9-host_9.10.4-P5-1_amd64.deb cb84dd775b2ffd27f331e1ba7e6e6fcf 18357 net optional bind9_9.10.4-P5-1_amd64.buildinfo 02555ec22fd757aa1fc2cce4d4ec49ad 557382 net optional bind9_9.10.4-P5-1_amd64.deb 8285839188a22c6264ca3d6f97284fe3 894936 debug extra bind9utils-dbgsym_9.10.4-P5-1_amd64.deb 57d3815a92149aa37689da9de0e92c45 382884 net optional bind9utils_9.10.4-P5-1_amd64.deb 249698123dcbc0b37602788c88faaad9 240166 debug extra dnsutils-dbgsym_9.10.4-P5-1_amd64.deb dfb5605e7725a742e921d95fc01c9f71 288670 net standard dnsutils_9.10.4-P5-1_amd64.deb 8de02ab1797cab49671e63d4bd2ff725 188490 net standard host_9.10.4-P5-1_all.deb c1b4a0f7ce5c98ee667b4f478d3ef6ac 1589596 libdevel optional libbind-dev_9.10.4-P5-1_amd64.deb 9ca589d5715d2b76a5e3d85d71c7bc08 1430980 libdevel optional libbind-export-dev_9.10.4-P5-1_amd64.deb 8b40887efb269a073791b1bc8912aff3 49594 debug extra libbind9-140-dbgsym_9.10.4-P5-1_amd64.deb 399e2dfa969b27dcf9e511f265f5551f 209856 libs standard libbind9-140_9.10.4-P5-1_amd64.deb 4b9f4624b2f8b5d57bcecd1336be9686 2037162 debug extra libdns-export165-dbgsym_9.10.4-P5-1_amd64.deb e19e330e725bb873ab095496c94a3192 677488 debian-installer optional libdns-export165-udeb_9.10.4-P5-1_amd64.udeb 9cfc8b4a90768f715c7d7c19b3a94502 864084 libs optional libdns-export165_9.10.4-P5-1_amd64.deb c360b969652809c86d57ab8383f74989 4523926 debug extra libdns165-dbgsym_9.10.4-P5-1_amd64.deb e9de745a036d2e301c37c8cfedc41dd0 1097836 libs standard libdns165_9.10.4-P5-1_amd64.deb 98940551be6047efae2782266ffdf374 52468 debug extra libirs-export141-dbgsym_9.10.4-P5-1_amd64.deb db3a452c6f61c2bb41bdf049d4d776da 15022 debian-installer optional libirs-export141-udeb_9.10.4-P5-1_amd64.udeb 690dafeba3736a13adea99bc1ea4bfc2 203088 libs optional libirs-export141_9.10.4-P5-1_amd64.deb 22778bd4634982209c48799c24a61615 54948 debug extra libirs141-dbgsym_9.10.4-P5-1_amd64.deb 90e99115f82e17d0693a91b06576e1db 203580 libs standard libirs141_9.10.4-P5-1_amd64.deb 2cb7b276ed65fad4ef1bd350a32f6b46 365596 debug extra libisc-export160-dbgsym_9.10.4-P5-1_amd64.deb bab940192b044c47a72d7d1e9da9ff73 151850 debian-installer optional libisc-export160-udeb_9.10.4-P5-1_amd64.udeb c5c97cafd7c216c64b9866fa0d016c98 339714 libs optional libisc-export160_9.10.4-P5-1_amd64.deb 593b9415082bac6c8ff526daf1e4252f 838052 debug extra libisc160-dbgsym_9.10.4-P5-1_amd64.deb dfc07886f17f6124a0c5e460ecb5557d 403318 libs standard libisc160_9.10.4-P5-1_amd64.deb 1e2b2a678c42d62b6cce7d0e0430fc5a 35040 debug extra libisccc-export140-dbgsym_9.10.4-P5-1_amd64.deb aeb763de02159202f2333cac7948717d 13752 libs optional libisccc-export140-udeb_9.10.4-P5-1_amd64.udeb 2ee7e3a262a3b8268da37c0d5531d095 201676 libs optional libisccc-export140_9.10.4-P5-1_amd64.deb e77979ed594f552580226afc934cee90 36030 debug extra libisccc140-dbgsym_9.10.4-P5-1_amd64.deb 997c70bda5e4d80866485276052a3cb3 201828 libs optional libisccc140_9.10.4-P5-1_amd64.deb 6bd8817bd3324e87c1f0e6e92b5a7760 76838 debug extra libisccfg-export140-dbgsym_9.10.4-P5-1_amd64.deb 3dd2f08983333acabc013af7db68831f 36900 debian-installer optional libisccfg-export140-udeb_9.10.4-P5-1_amd64.udeb 05f8a85a4d5bb63e99c3365b6a5d62b1 224664 libs optional libisccfg-export140_9.10.4-P5-1_amd64.deb ab3857fc4d86055c36c7dfb55a61b339 84608 debug extra libisccfg140-dbgsym_9.10.4-P5-1_amd64.deb 3df88c6d4572610d04a54e56af298576 226588 libs standard libisccfg140_9.10.4-P5-1_amd64.deb fab0b9ae381b6c190d565ed0b3f09615 80830 debug extra liblwres141-dbgsym_9.10.4-P5-1_amd64.deb 85e61b3f89836d9ccddd93639b0b136d 217624 libs standard liblwres141_9.10.4-P5-1_amd64.deb a04074b2926afabfa480ab3cc48f9a0c 710170 debug extra lwresd-dbgsym_9.10.4-P5-1_amd64.deb befe35eac663e99249c765ee5db015e8 412046 net optional lwresd_9.10.4-P5-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlh7OtAACgkQuNayzQLW 9HPWJyAAioJ5PtiFLAsRBPdibUkiqwEhPmvxaKIqeOW7BdQHcECC+nbdDijS4k5H BP+3d0sd0adFicnzM5KNGaoQgnAfQHjx+K0Umf9SxHP0+Q7nW/RX/7PAoYYRmNmw eI187nwQBexVtnCnzaz0/B/rB9YZoS4hU/US329zUEyubCtS5a3D3TL9+P2OLVKe QjzMf131D03IYd9c9t280gy0NbhrHnjoOm0gMxMWuHZLl7tF9HAEu+tkAI6FUmkq WU8bv1vcM7+kGzQd5zNWhBreofVHuO3t9BMkWnRgu2+PAAE04PDTVWT6O1GmrTnI 9xoi/tKe++Nl253FcoKQfUC2V+ohu8oQ2kFMZhCwURs5vMPjBNeINbm7YgtoioaL RS+eSEnuygxuORcfOm8p8kFA18uA8vI9P8oo3ZaOo4CF6/WfA6A5bs1aLE79X1aJ Lhwbz805s1y57rr4Xu01inwZk+AI/Jogp3C7EEUNXrjerr8Ial1vqEvz/OXR0ch9 Oiyc+1LI4sJ7WB00Qf/LqlllVF6fSQNndrapjJIhEU5Luk8EBt03brvR5W/LnUHo 5txgMEL60DLK6Lt4xQueGYJhofpPRv/1QBumnlYB0mTT86XsUoM5q10JTAxg9fuw x9TMqrK8yzL9AiSlvqpXq5lv6vc+CcC0RjCgjAnXeKYIXibZeZ38zV5VrhDdu37p 6e9Y65V7mfvBH1YVQpbvf3gcxnqCyIeOgVGBWji7BpCpwmqjm6Ys5wpuGgW8JzWa y5VDPsaydKQuVHReFsUVG9KI5L/3O3MbKxGrseMcVRecXXV1UvEXi6B/HmLhdgpK hXciopjOEmH90qxwL+c/1lochXrLTytDFo2jOdliPonwvQhMmzudhbNx3pPgL4R6 ePst9O8b3yC+8+T7ExoZLZQO05f79j7+H2DHYKbuWXDCf/PkY1a7tvvHNlp5lKzh Vtiv+7H97nGLh4A7HEd02xALcwNTJk0IKc4cKz1Tgc4SWleTW3rpqdDG6KP5NjlR z32v5HnuLCcQwy77ka60pnMn22z2d296khZ22fWV38ZcJ34L3lYgLnmcJdVOwizk TmzbeS+SlIEJAPRtT5xS6+wVGwxWdqn0fDip76HM8eWfJ2zbvmzWtZF06yqCNtpO FcZ5+xOn12C4USZmircrIgu5PnHie7ui0rowi8zELpG7rsmYYdPCDuYHaTPKRoLv yKWJPA1CSKznC6bHGzi8GZPS3x5Hy6CKHzC/XlzsZg2yIcKeGEYFdbZ9vDetCKnT NlNR8TDioJ2SKN6rcSorS1S4vCmzQziQ6sW5fwE+/kHt8qFKHazHM9pYkmC9DU2P O+ibMLYQBTkfypWFyPvCuClnkGWbCQ== =/Tyq -----END PGP SIGNATURE-----
Reply sent
to Michael Gilbert <mgilbert@debian.org>
:
You have taken responsibility.
(Sun, 22 Jan 2017 07:36:08 GMT) (full text, mbox, link).
Notification sent
to Florian Weimer <fw@deneb.enyo.de>
:
Bug acknowledged by developer.
(Sun, 22 Jan 2017 07:36:08 GMT) (full text, mbox, link).
Message #43 received at 839010-close@bugs.debian.org (full text, mbox, reply):
Source: bind9 Source-Version: 1:9.10.3.dfsg.P4-11 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 839010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 Jan 2017 04:03:28 +0000 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export162 libdns-export162-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb Architecture: source Version: 1:9.10.3.dfsg.P4-11 Distribution: unstable Urgency: medium Maintainer: LaMont Jones <lamont@debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-140 - BIND9 Shared Library used by BIND libdns-export162 - Exported DNS Shared Library libdns-export162-udeb - Exported DNS library for debian-installer (udeb) libdns162 - DNS Shared Library used by BIND libirs-export141 - Exported IRS Shared Library libirs-export141-udeb - Exported IRS library for debian-installer (udeb) libirs141 - DNS Shared Library used by BIND libisc-export160 - Exported ISC Shared Library libisc-export160-udeb - Exported ISC library for debian-installer (udeb) libisc160 - ISC Shared Library used by BIND libisccc-export140 - Command Channel Library used by BIND libisccc-export140-udeb - Command Channel Library used by BIND (udeb) libisccc140 - Command Channel Library used by BIND libisccfg-export140 - Exported ISC CFG Shared Library libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg140 - Config File Handling Library used by BIND liblwres141 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 828082 831796 839010 842858 848519 851062 851063 851065 Changes: bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium . * Fix some lintian warnings. * Add lsb-base dependency to lwresd (closes: #848519). * Fix CVE-2016-2775: crash in lwresd due to a long query name (closes: #831796). * Fix CVE-2016-2776: maliciously crafted query can cause named to crash (closes: #839010). * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause named to crash (closes: #842858). * Fix CVE-2016-9131: maliciously crafted response to an ANY query can cause named to crash (closes: #851065). * Fix CVE-2016-9147: query with contradictory DNSSEC information can cause named to crash (closes: #851063). * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS) record can cause named to crash (closes: #851062). * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now (closes: #828082). . [ LaMont Jones ] * Update VCS fields in control. * -DDIG_SIGCHASE got dropped by the change in hardening. . [ Stefan Bader ] * Use the defaults file in systemd. Checksums-Sha1: ab07401804633455b7306f1e1339ba5ea4fd3e49 4445 bind9_9.10.3.dfsg.P4-11.dsc 4b7a849cd74c4fe16a10086c5bf20851f1929e2f 72400 bind9_9.10.3.dfsg.P4-11.debian.tar.xz Checksums-Sha256: 1b88dbe9dadc24cc929cd918a800d5d459f46cac6cbdb4d27e4d79c04ab04cec 4445 bind9_9.10.3.dfsg.P4-11.dsc 057d64b8e6c6461186cba1aaae20ffe48d38642d2dedd08973055051e2cd823c 72400 bind9_9.10.3.dfsg.P4-11.debian.tar.xz Files: f46552b04e1d0f460ca47311eb7630f7 4445 net optional bind9_9.10.3.dfsg.P4-11.dsc 8922bc6f78cac01f0eb01bff879e5bac 72400 net optional bind9_9.10.3.dfsg.P4-11.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAliEXHQACgkQuNayzQLW 9HNQ8yAAgoz2iojLTstzL0j6cV5SYchsP4kgrMRzYmtZNo6B08g0gQYvtW8DTZqK fELXm7owiA2Becw5fup28bMHWh/LtscPRlZtLp+43RoiulLSpFideGbvMAgbUMWc +okm5x842vZ36SQvPUA3T163dLL4DzIOWQI41aJC2B0+0oScghJhmRwpQQNXuup5 ZHbgR7nHn1aex37gLsckuHrqRbZ8U9FmF/vZIzKr8zqR5Uga8S1BneTQpkW8HBv3 8AMCmgxeKk7PY0lrBiEAfEL+r39x/vP0DIP6huJ/QaIpH7S/WbK7xXx2AsZG2p+h fuSppUMxfcb07cBNB+zJ+QII+S9I2eNJFFqe+qH8eSkh4DdXoe8EmXnLf7FF/Cew 2NfGHzfz/2WQPkdkkO0Z+m+BrGNeqM9nD2m16StV6wK4/7u8Mwi/d4eJ+0hJ7D7S SafFK83IZbgJoHg5xyqHOM9j8q0VL52/As+VLtbUd5qaF3B8sgzrITp/Dkn2ZYvW VkAsGyuN8l+VQktNIP6h4AsW5UzHTv/o7O55hjzydJDGYL1ROt17ewB9RetnvTDi 9r6SwtRnxIyawR1+23z3VwwU3iPahKaBJKDUf1fclPXdYibNPS9Oqon1I1FtrNzI d5iYEs9R31aaBpDdqgiUBotZCeMgAU+s9O552cVMVPyaTnyY8eeFZePyOQAgWV+2 siLPGqlX7HTcASAxvmi5XRWvNwwPPs21RG3LPNv7QNDYZ8ZaNIwv5UtMi78nz/jF YTJotTcOYaAzp9P/AOhl7HuCQkj8leyq7D3/aZS3CoyNsrE++9j8n4PfpleiOYVp c9KlDTYevKTCFtr8Y2swOLheqJpswuAxVWT68bx2JAUSRI5lBmF83Qn+dHr7ckCi zLsNVv/+21hC6iGOL39jcOrRDx7VMTAWdv8dMeaiOW9jINmFBQDp10awM2KpTs7m SEnbpuQ0wHzHEHyNQCLYBaQe6C/pGNZh6rDEu8JxMbux6xQkzTZ136BZYwiBSWqD ++PXlwbeSx/2DaUhjIDgWprWgm9ywNLw0aBjP0V6u5tzu1rOsQ0oiQyxUyzOFo7t tP3f0bWxn8AvNFZIxdtFEFIQrJIl2TTPM1SRX4Msq5ZVuxAJkuF+hlOjhmV1QEE1 vqeii45CpEUmzE0bbi/K1MhHBC8aVUWwMmwEu9omr9OH4niXqLoelGhn5juXH0fk us40Z8qWtYTDcdkvWR+3aaes7nowR7IgEKBNSbs8YfOLh4719nwi0AyxavYiOUhY 4ACFkLFIOI9Pa958YaBpdpyYqXNJ5NLGHad4nQRmeEB07y5Ru/yg021V/8bH8K+2 eSB/q3fpOMqfcAA6KDbAodocv0NK/g== =f9Oz -----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Wed, 05 Apr 2017 19:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to stephen.arnold@acm.org
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Wed, 05 Apr 2017 19:39:03 GMT) (full text, mbox, link).
Message #48 received at 839010@bugs.debian.org (full text, mbox, reply):
This is still a problem for mips/mipsel but stretch has the upstream fixes. Can you please add the stretch bind9 packages to jessie-backports? I'm building it now on edgerouter (albeit slowly) but a lot of other people running on this hardware could benefit from the fixes. Thanks in advance... -- Stephen L. Arnold Principal Scientist / System Architect sarnold@vctlabs.com Vanguard Computer Technology Labs, Inc. http://www.vctlabs.com 81 David Love Pl #212 mobile: (805) 863-8299 Goleta, CA 93117 lab: (805) 683-3503
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Wed, 05 Apr 2017 20:15:06 GMT) (full text, mbox, link).
Acknowledgement sent
to James Cowgill <jcowgill@debian.org>
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Wed, 05 Apr 2017 20:15:06 GMT) (full text, mbox, link).
Message #53 received at 839010@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi, On 05/04/17 20:31, Steve Arnold wrote: > This is still a problem for mips/mipsel but stretch has the > upstream fixes. Can you please add the stretch bind9 packages to > jessie-backports? I'm building it now on edgerouter (albeit > slowly) but a lot of other people running on this hardware could > benefit from the fixes. > > Thanks in advance... This bug should already be fixed in jessie. Do you have the latest version from jessie-security (1:9.9.5.dfsg-9+deb8u10)? James
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Tue, 11 Apr 2017 16:51:02 GMT) (full text, mbox, link).
Acknowledgement sent
to stephen.arnold@acm.org
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Tue, 11 Apr 2017 16:51:02 GMT) (full text, mbox, link).
Message #58 received at 839010@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Wed, 5 Apr 2017 21:11:43 +0100 James Cowgill <jcowgill@debian.org> wrote: > Hi, > > On 05/04/17 20:31, Steve Arnold wrote: > > This is still a problem for mips/mipsel but stretch has the > > upstream fixes. Can you please add the stretch bind9 packages > > to jessie-backports? I'm building it now on edgerouter (albeit > > slowly) but a lot of other people running on this hardware could > > benefit from the fixes. > > > > Thanks in advance... > > This bug should already be fixed in jessie. Do you have the latest > version from jessie-security (1:9.9.5.dfsg-9+deb8u10)? That version has the worst of it, at least it's not consistent when it fails (different file names, etc). After updating all the way to 9.10.4-P5 (plus bumping libdb) it still has the INSIST failure; it just takes a few more hours before it dies: 11-Apr-2017 05:41:03.304 general: critical: ../../../lib/dns/rbtdb.c:9788: INSIST((rbtdb->rdatasets[header->node->locknum]).head != (header)) failed 11-Apr-2017 05:41:03.305 general: critical: exiting (due to assertion failure) It does not fail like this on x86 or ARM, but the other hosts I have to compare are running Gentoo (mainly hardened profile) and we still provide libdb4.8 (which is what bind links against on Gentoo instead of libdb5.3-whatever on debian). If you have an easy way to downgrade libdb or some other fix for bind, that would be awesome, otherwise I am running out of ideas... Thanks, Steve
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>
:
Bug#839010
; Package bind9
.
(Wed, 12 Apr 2017 14:39:06 GMT) (full text, mbox, link).
Acknowledgement sent
to James Cowgill <jcowgill@debian.org>
:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>
.
(Wed, 12 Apr 2017 14:39:06 GMT) (full text, mbox, link).
Message #63 received at 839010@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi, On 11/04/17 17:46, Steve Arnold wrote: > On Wed, 5 Apr 2017 21:11:43 +0100 > James Cowgill <jcowgill@debian.org> wrote: > >> Hi, >> >> On 05/04/17 20:31, Steve Arnold wrote: >>> This is still a problem for mips/mipsel but stretch has the >>> upstream fixes. Can you please add the stretch bind9 packages >>> to jessie-backports? I'm building it now on edgerouter (albeit >>> slowly) but a lot of other people running on this hardware could >>> benefit from the fixes. >>> >>> Thanks in advance... >> >> This bug should already be fixed in jessie. Do you have the latest >> version from jessie-security (1:9.9.5.dfsg-9+deb8u10)? > > That version has the worst of it, at least it's not consistent when > it fails (different file names, etc). After updating all the way > to 9.10.4-P5 (plus bumping libdb) it still has the INSIST failure; > it just takes a few more hours before it dies: > > 11-Apr-2017 05:41:03.304 general: > critical: ../../../lib/dns/rbtdb.c:9788: > INSIST((rbtdb->rdatasets[header->node->locknum]).head != (header)) > failed 11-Apr-2017 05:41:03.305 general: critical: exiting (due to > assertion failure) I've managed to reproduce this fairly reliably (usually within a minute) by sending massive amounts of DNS queries to bind9. The only MIPS specific bug I am aware of is #778720 which might be causing this. There is a patch here which you can try and I'll also have a look and see if I can fix it: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778720#15 If that's not the cause, I'll open a new bug for this. > It does not fail like this on x86 or ARM, but the other hosts I > have to compare are running Gentoo (mainly hardened profile) and we > still provide libdb4.8 (which is what bind links against on Gentoo > instead of libdb5.3-whatever on debian). #778720 is Debian specific which would explain why Gentoo works fine (even on MIPS). Thanks, James
[signature.asc (application/pgp-signature, attachment)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 20 Oct 2017 07:25:14 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.