[Bug 1475992] Re: Sync bind9 1:9.9.5.dfsg-10 (main) from Debian unstable (main)
Robie Basak
1475992 at bugs.launchpad.net
Mon Jul 20 10:10:35 UTC 2015
This bug was fixed in the package bind9 - 1:9.9.5.dfsg-10
Sponsored for Artur Rona (ari-tczew)
---------------
bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
* Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
cause the resolver to crash (closes: #791715).
-- Michael Gilbert <mgilbert at debian.org> Thu, 09 Jul 2015 00:43:38
+0000
** Changed in: bind9 (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-4620
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1475992
Title:
Sync bind9 1:9.9.5.dfsg-10 (main) from Debian unstable (main)
Status in bind9 package in Ubuntu:
Fix Released
Bug description:
Please sync bind9 1:9.9.5.dfsg-10 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: resolver DoS via specially crafted zone data
- lib/dns/validator.c: don't use uninitialized fixedname.
- CVE-2015-4620
CVE has been fixed in Debian, as well.
Changelog entries since current wily version 1:9.9.5.dfsg-9ubuntu1:
bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
* Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
cause the resolver to crash (closes: #791715).
-- Michael Gilbert <mgilbert at debian.org> Thu, 09 Jul 2015 00:43:38
+0000
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1475992/+subscriptions
More information about the Ubuntu-sponsors
mailing list