New changelog entries:
* Fix CVE-2016-1285: error parsing control channel input.
* Fix CVE-2016-1286: error parsing DNAME resource records.
* Non-maintainer upload by the Security Team.
* CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c.
A buffer size check used to guard against overflow could cause named to
exit with an INSIST failure In apl_42.c.
* Non-maintainer upload by the Security Team.
* Add patch to fix CVE-2015-8000.
CVE-2015-8000: Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted, triggering a REQUIRE
failure when those records were subsequently cached.
* CVE-2015-5722: maliciously crafted DNSSEC key can cause named to crash.
New changelog entries:
* Non-maintainer upload by the Security Team.
* CVE-2015-5477: A failure to reset a value to NULL in tkey.c could
result in an assertion failure.
* Non-maintainer upload by the Security Team.
* CVE-2015-4620: Specially constructed zone data can cause a resolver to
crash when validating.
* Non-maintainer upload by the Security Team.
* CVE-2015-1349: avoid crash due to managed-key rollover.
Revoking a managed trust anchor and supplying an untrusted replacement
could cause named to crash with an assertion failure.
New changelog entries:
* Non-maintainer upload by the Security Team.
* CVE-2014-8500: Failure to place limits on delegation chaining can allow an
attacker to crash BIND or cause memory exhaustion.
New changelog entries:
* Non-maintainer upload by the Security Team.
* CVE-2014-0591: named crash when handling malformed NSEC3-signed zones.
A remote attacker could use this flaw against an authoritative name
server that served NCES3-signed zones by sending a specially crafted
query, which, when processed, would cause named to crash. (Closes: #735190)
New changelog entries:
* Non-maintainer upload by the Security Team.
* CVE-2013-4854: A specially crafted query that includes malformed rdata can
cause named to terminate with an assertion failure while rejecting the
malformed query. (Closes: #717936).
0913848...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.8.4.dfsg.P1-6+nmu2 to debian/wheezy
New changelog entries:
* Non-maintainer upload by the Security Team.
* Fix cve-2012-5689: issue in nameservers using DNS64 to perform a AAAA
lookup for a record with an A record overwrite rule in a Response Policy
Zone (closes: #699145).
* Fix cve-2013-2266: issues in regular expression handling (closes: #704174).