[Bug 1701687] Re: Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5

Andreas Hasenack andreas at canonical.com
Fri Aug 11 13:32:20 UTC 2017


** Summary changed:

- Please merge 1:9.10.3.dfsg.P4-10.1ubuntu6 -> 1:9.10.3.dfsg.P4-12.5
+ Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5

** Description changed:

- Please sync with debian and merge 1:9.10.3.dfsg.P4-10.1ubuntu6 ->
- 1:9.10.3.dfsg.P4-12.3
+ bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
+ 
+   * Non-maintainer upload.
+   * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
+     signed TCP message sequences where not all the messages contain TSIG
+     records. These may be used in AXFR and IXFR responses.
+     (Closes: #868952)
+ 
+  -- Salvatore Bonaccorso   Fri, 21 Jul 2017 22:28:32 +0200
+ 
+ bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high
+ 
+   * Non-maintainer upload.
+ 
+   [ Yves-Alexis Perez ]
+   * debian/patches:
+     - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
+       CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
+       transfers. An attacker may be able to circumvent TSIG authentication of
+       AXFR and Notify requests.
+       CVE-2017-3143: error in TSIG authentication can permit unauthorized
+       dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
+       signature for a dynamic update.
+       (Closes: #866564)
+ 
+  -- Salvatore Bonaccorso   Sun, 16 Jul 2017 22:13:21 +0200
+ 
+ bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high
+ 
+   * Non-maintainer upload.
+   * Dns64 with "break-dnssec yes;" can result in a assertion failure
+     (CVE-2017-3136) (Closes: #860224)
+   * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
+     assertion failures (CVE-2017-3137) (Closes: #860225)
+   * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
+     (Closes: #860226)
+ 
+  -- Salvatore Bonaccorso   Sun, 07 May 2017 15:22:46 +0200
+ 
+ bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium
+ 
+   * Non-maintainer upload.
+   * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes
+     hangs and crashes on MIPS. (Closes: #778720)
+ 
+  -- James Cowgill   Tue, 18 Apr 2017 16:42:50 +0100
+ 
+ bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium
+ 
+   * Non-maintainer upload.
+   * Use /dev/urandom to avoid blocking in the server process.
+     (closes: #854243)
+ 
+  -- Bastian Blank   Fri, 17 Mar 2017 19:07:16 +0100
+ 
+ bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high
+ 
+   * Merge and accept the non-maintainer upload.
+   * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
+   * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
+     both DNS64 and RPZ are being used (closes: #855520).
+ 
+  -- Michael Gilbert   Sun, 19 Feb 2017 22:39:32 +0000
+ 
+ bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium
+ 
+   * Non-maintainer upload.
+   * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
+     Patch by Marc Haber  (Closes: #820974).
+ 
+  -- Arturo Borrero Gonzalez   Tue, 07 Feb 2017 10:42:00 +0100
+ 
+ bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
+ 
+   * Fix some lintian warnings.
+   * Add lsb-base dependency to lwresd (closes: #848519).
+   * Fix CVE-2016-2775: crash in lwresd due to a long query name
+     (closes: #831796).
+   * Fix CVE-2016-2776: maliciously crafted query can cause named to crash
+     (closes: #839010).
+   * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
+     named to crash (closes: #842858).
+   * Fix CVE-2016-9131: maliciously crafted response to an ANY query can
+     cause named to crash (closes: #851065).
+   * Fix CVE-2016-9147: query with contradictory DNSSEC information can
+     cause named to crash (closes: #851063).
+   * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
+     record can cause named to crash (closes: #851062).
+   * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
+     (closes: #828082).
+ 
+   [ LaMont Jones ]
+   * Update VCS fields in control.
+   * -DDIG_SIGCHASE got dropped by the change in hardening.
+ 
+   [ Stefan Bader ]
+   * Use the defaults file in systemd.
+ 
+  -- Michael Gilbert   Thu, 19 Jan 2017 04:03:28 +0000
+ 
+ bridge-utils 1.5-9ubuntu2 -> 1.5-14
+ 
+ * Last Uploader: Ryan Harper (sponsored by Mathieu Trudel-Lapierre)
+ 
+ Debian changes newer than ubuntu version:
+ 
+ bridge-utils (1.5-14) unstable; urgency=low
+ 
+   * Fix a problem with some vlan interfaces not being created.
+ 
+  -- Santiago Garcia Mantinan   Mon, 26 Jun 2017 17:48:37 +0200
+ 
+ bridge-utils (1.5-13) unstable; urgency=low
+ 
+   * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841.
+ 
+  -- Santiago Garcia Mantinan   Sat, 11 Feb 2017 00:16:45 +0100
+ 
+ bridge-utils (1.5-12) unstable; urgency=medium
+ 
+   * Add vlan support so that old setups using vlans as ports don't
+ break.
+ 
+  -- Santiago Garcia Mantinan   Sun, 22 Jan 2017 00:23:50 +0100
+ 
+ bridge-utils (1.5-11) unstable; urgency=low
+ 
+   * Change /etc/default/bridge-utils to enable addition of hotplugged
+     interfaces.
+   * Integration with the vlan package is causing problems, we have
+     removed it and rely on ifupdown implementing it. Closes: #818849.
+ 
+  -- Santiago Garcia Mantinan   Wed, 14 Dec 2016 23:26:05 +0100
+ 
+ bridge-utils (1.5-10) unstable; urgency=low
+ 
+   * Fix wait when bridge is ready. Thanks Alexander. Closes: #779348.
+   * Added some documentation on the README.Debian file to comment some
+     config bugs. Closes: #765000, #815927.
+   * Clarify pre-up commands changing an example on the man page for
+     bridge-utils-interfaces. Closes: #783956.
+ 
+  -- Santiago Garcia Mantinan   Thu, 10 Nov 2016 22:23:49 +0100

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1701687

Title:
  Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1701687/+subscriptions



More information about the Ubuntu-server-bugs mailing list