[ubuntu/groovy-proposed] bind9 1:9.16.1-0ubuntu3 (Accepted)

Tue May 19 13:23:14 UTC 2020

bind9 (1:9.16.1-0ubuntu3) groovy; urgency=medium

  * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
    performed when processing referrals
    - debian/patches/CVE-2020-8616.patch: further limit the number of
      queries that can be triggered from a request in lib/dns/adb.c,
      lib/dns/include/dns/adb.h, lib/dns/resolver.c.
    - CVE-2020-8616
  * SECURITY UPDATE: A logic error in code which checks TSIG validity can
    be used to trigger an assertion failure in tsig.c
    - debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
      BADTIME response in lib/dns/tsig.c.
    - CVE-2020-8617

Date: Tue, 19 May 2020 09:03:32 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 19 May 2020 09:03:32 -0400
Source: bind9
Architecture: source
Version: 1:9.16.1-0ubuntu3
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 bind9 (1:9.16.1-0ubuntu3) groovy; urgency=medium
 .
   * SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
     performed when processing referrals
     - debian/patches/CVE-2020-8616.patch: further limit the number of
       queries that can be triggered from a request in lib/dns/adb.c,
       lib/dns/include/dns/adb.h, lib/dns/resolver.c.
     - CVE-2020-8616
   * SECURITY UPDATE: A logic error in code which checks TSIG validity can
     be used to trigger an assertion failure in tsig.c
     - debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
       BADTIME response in lib/dns/tsig.c.
     - CVE-2020-8617
Checksums-Sha1:
 e25732e7397d094255a04cbea477ecf78ec10438 2728 bind9_9.16.1-0ubuntu3.dsc
 0f3553db21882e9f10e2b7340eed6fdb4074dfff 68428 bind9_9.16.1-0ubuntu3.debian.tar.xz
 e2382ca8dcf7821d0262639ba77692711cfaaafb 8516 bind9_9.16.1-0ubuntu3_source.buildinfo
Checksums-Sha256:
 5ea9f40c6eedfa3ded5624c8f732a0b8ea1d097f86783e520dab8157ae0604c3 2728 bind9_9.16.1-0ubuntu3.dsc
 dd68ec20c0bc9bea0a4da82b26d5b6452f3bc2db4f721e4f1d78173127166cba 68428 bind9_9.16.1-0ubuntu3.debian.tar.xz
 959f6d56c8a4e3b2c679e182cfd2d1e6860aa5dc81e465b27be187e53d865343 8516 bind9_9.16.1-0ubuntu3_source.buildinfo
Files:
 01fef7c8615443f6154de4dc7fdf3af8 2728 net optional bind9_9.16.1-0ubuntu3.dsc
 5a6773eb8bee64bfc5320ff83a99f55f 68428 net optional bind9_9.16.1-0ubuntu3.debian.tar.xz
 def48ec5babc87571b902323b543cb23 8516 net optional bind9_9.16.1-0ubuntu3_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl7D3TsACgkQZWnYVadE
vpOU3g//QkfpcZu6NDSs3k2Y+a/UaTqd3ix0177ASr+R3DyUQO+Zho9Yms3EmYlV
FUL0t7pvGk8NZWvaqa5DQcxkc9If9NFLFeCRK2vC1grbRAZLuw/Z8SrPd2C+b6e3
o+9brSCupxqyxh346nfFC7tBCyTQ3QtU6E1BHSQ+wde82P2m9tVG6nTiGUyxyeUF
6w0wfAo/tdg7927/djfbhM1Aa0IjeuQraJADz/cM6o9aDiSRm5VYTkmPwnhtJCW1
N0cb0gumSzl+02hB3dafM21RgBjqvnZbliDDe3LitRFKIXDDtOma0i2LbPW1P1FU
VaZi3HTRhl4vImhk2AI6AXOUoOiy68VitSXhw7MWrrjW4XqwuNbMp+oKtz1BpdzU
ON/SbnPVNCoAX28Etpfj8R4AuEN0V/FKv0Xf1BKfkYQgnYCNY/v4IOr0CVkk0Yao
r7mmvC9l7Gwe6xGNYf8JD7AEVWEtzGCEhxTyZzExJbKv4eX7u0rHW52Wijm5ymNw
XLer4zbNZlV9mv0DncjaCcisHMuqwJfdFQUpDbseNvAV84tU0gNm27e8fzk1QEdA
NzsK6DsrHxKozzACRM3zlOQYdMeWK914/PpfLTMxDsEvKXMnFDclZ0ag+nLGUafl
j1A9Jo0X9npnOXGsgUh5sIDjweXaueqZFDrI+F4za0IMYs4TY8Q=
=TkdB
-----END PGP SIGNATURE-----