~ahasenack/ubuntu/+source/bind9:bind9-merge-1701687

Branch merges

Superseded for merging into ~usd-import-team/ubuntu/+source/bind9:debian/sid

Nish Aravamudan: Needs Fixing on 2017-07-05

Canonical Server Team: Pending requested 2017-07-12

Diff: 485 lines (+400/-2)

7 files modified

debian/bind9-resolvconf.service (+1/-0)
debian/changelog (+169/-0)
debian/control (+3/-1)
debian/patches/CVE-2016-8864-regression-test.patch (+53/-0)
debian/patches/CVE-2016-8864-regression2-test.patch (+169/-0)
debian/patches/series (+2/-0)
debian/rules (+3/-1)

api

Propose for merging

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

77156f8... by Andreas Hasenack on 2017-08-11

update-maintainer

670154e... by Andreas Hasenack on 2017-08-11

reconstruct-changelog

15a3827... by Andreas Hasenack on 2017-08-11

merge-changelogs

1ab2093... by Andreas Hasenack on 2017-07-10

  * d/control, d/rules: add json support for the statistics channels.
    (LP: #1669193)

19c7865... by Andreas Hasenack on 2017-06-29

  * d/p/CVE-2016-8864-regression2-test.patch: tests for the second
    regression (RT #44318) introduced with the CVE-2016-8864.patch
    and fixed in CVE-2016-8864-regression2.patch.

5612674... by Andreas Hasenack on 2017-06-29

  * d/p/CVE-2016-8864-regression-test.patch: tests for the regression
    introduced with the CVE-2016-8864.patch and fixed in
    CVE-2016-8864-regression.patch.

fe43655... by Andreas Hasenack on 2017-06-29

    - SECURITY UPDATE: Denial of Service when receiving a null command on
      the control channel
      + debian/patches/CVE-2017-3138.patch: don't throw an assert if no
        command token is given; add testcase.
      + CVE-2017-3138
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]

9e5b8b7... by Andreas Hasenack on 2017-06-29

    - SECURITY UPDATE: Denial of Service due to resolver terminating when
      processing a response packet containing a CNAME or DNAME
      + debian/patches/CVE-2017-3137.patch: don't expect a specific
        ordering of answer components; add testcases.
      + CVE-2017-3137
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]

ee92575... by Andreas Hasenack on 2017-06-29

    - SECURITY UPDATE: Denial of Service due to an error handling
      synthesized records when using DNS64 with "break-dnssec yes;"
      + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
        called.
      + CVE-2017-3136
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]

0122f59... by Andreas Hasenack on 2017-06-29

    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
        was still being cached when it should have been in lib/dns/resolver.c,
        added tests to bin/tests/system/dname/ans3/ans.pl,
        bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]