[Bug 1701687] Re: Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5
Andreas Hasenack
andreas at canonical.com
Fri Aug 11 13:32:20 UTC 2017
** Summary changed:
- Please merge 1:9.10.3.dfsg.P4-10.1ubuntu6 -> 1:9.10.3.dfsg.P4-12.5
+ Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5
** Description changed:
- Please sync with debian and merge 1:9.10.3.dfsg.P4-10.1ubuntu6 ->
- 1:9.10.3.dfsg.P4-12.3
+ bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
+ signed TCP message sequences where not all the messages contain TSIG
+ records. These may be used in AXFR and IXFR responses.
+ (Closes: #868952)
+
+ -- Salvatore Bonaccorso Fri, 21 Jul 2017 22:28:32 +0200
+
+ bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high
+
+ * Non-maintainer upload.
+
+ [ Yves-Alexis Perez ]
+ * debian/patches:
+ - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
+ CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
+ transfers. An attacker may be able to circumvent TSIG authentication of
+ AXFR and Notify requests.
+ CVE-2017-3143: error in TSIG authentication can permit unauthorized
+ dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
+ signature for a dynamic update.
+ (Closes: #866564)
+
+ -- Salvatore Bonaccorso Sun, 16 Jul 2017 22:13:21 +0200
+
+ bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Dns64 with "break-dnssec yes;" can result in a assertion failure
+ (CVE-2017-3136) (Closes: #860224)
+ * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
+ assertion failures (CVE-2017-3137) (Closes: #860225)
+ * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
+ (Closes: #860226)
+
+ -- Salvatore Bonaccorso Sun, 07 May 2017 15:22:46 +0200
+
+ bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes
+ hangs and crashes on MIPS. (Closes: #778720)
+
+ -- James Cowgill Tue, 18 Apr 2017 16:42:50 +0100
+
+ bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use /dev/urandom to avoid blocking in the server process.
+ (closes: #854243)
+
+ -- Bastian Blank Fri, 17 Mar 2017 19:07:16 +0100
+
+ bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high
+
+ * Merge and accept the non-maintainer upload.
+ * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
+ * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
+ both DNS64 and RPZ are being used (closes: #855520).
+
+ -- Michael Gilbert Sun, 19 Feb 2017 22:39:32 +0000
+
+ bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
+ Patch by Marc Haber (Closes: #820974).
+
+ -- Arturo Borrero Gonzalez Tue, 07 Feb 2017 10:42:00 +0100
+
+ bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
+
+ * Fix some lintian warnings.
+ * Add lsb-base dependency to lwresd (closes: #848519).
+ * Fix CVE-2016-2775: crash in lwresd due to a long query name
+ (closes: #831796).
+ * Fix CVE-2016-2776: maliciously crafted query can cause named to crash
+ (closes: #839010).
+ * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
+ named to crash (closes: #842858).
+ * Fix CVE-2016-9131: maliciously crafted response to an ANY query can
+ cause named to crash (closes: #851065).
+ * Fix CVE-2016-9147: query with contradictory DNSSEC information can
+ cause named to crash (closes: #851063).
+ * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
+ record can cause named to crash (closes: #851062).
+ * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
+ (closes: #828082).
+
+ [ LaMont Jones ]
+ * Update VCS fields in control.
+ * -DDIG_SIGCHASE got dropped by the change in hardening.
+
+ [ Stefan Bader ]
+ * Use the defaults file in systemd.
+
+ -- Michael Gilbert Thu, 19 Jan 2017 04:03:28 +0000
+
+ bridge-utils 1.5-9ubuntu2 -> 1.5-14
+
+ * Last Uploader: Ryan Harper (sponsored by Mathieu Trudel-Lapierre)
+
+ Debian changes newer than ubuntu version:
+
+ bridge-utils (1.5-14) unstable; urgency=low
+
+ * Fix a problem with some vlan interfaces not being created.
+
+ -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200
+
+ bridge-utils (1.5-13) unstable; urgency=low
+
+ * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841.
+
+ -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100
+
+ bridge-utils (1.5-12) unstable; urgency=medium
+
+ * Add vlan support so that old setups using vlans as ports don't
+ break.
+
+ -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100
+
+ bridge-utils (1.5-11) unstable; urgency=low
+
+ * Change /etc/default/bridge-utils to enable addition of hotplugged
+ interfaces.
+ * Integration with the vlan package is causing problems, we have
+ removed it and rely on ifupdown implementing it. Closes: #818849.
+
+ -- Santiago Garcia Mantinan Wed, 14 Dec 2016 23:26:05 +0100
+
+ bridge-utils (1.5-10) unstable; urgency=low
+
+ * Fix wait when bridge is ready. Thanks Alexander. Closes: #779348.
+ * Added some documentation on the README.Debian file to comment some
+ config bugs. Closes: #765000, #815927.
+ * Clarify pre-up commands changing an example on the man page for
+ bridge-utils-interfaces. Closes: #783956.
+
+ -- Santiago Garcia Mantinan Thu, 10 Nov 2016 22:23:49 +0100
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1701687
Title:
Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1701687/+subscriptions
More information about the Ubuntu-server-bugs
mailing list