New changelog entries:
* SECURITY UPDATE: remote denial of service.
* lib/dns/include/dns/validator.h, lib/dns/{validator,resolver}.c,
lib/dns/api: fixes taken from upstream changes between bind 9.3.3 and
9.3.4, applied inline.
* References
CVE-2007-0493 CVE-2007-0494
New changelog entries:
* SECURITY UPDATE: name servers accessible from the Internet could be
used as an amplifier in DDoS attacks against other networks.
* debian/named.conf.options: allow recursion only on localnets. This
matches the default configuration of listening on all interfaces, and
gives a reasonable balance between allowing local recursion, and
protecting the server from being used in a DDoS attack.
* References
CVE-2006-0987 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248899
New changelog entries:
* SECURITY UPDATE:
* bin/named/query.c, lib/dns/resolver.c: Apply upstream patch from 9.3.2-P1
to fix the following flaws:
- A remote user (DNS server) can send specially crafted RRset responses in
return to a recursive SIG query to cause the requesting named service to
crash [CVE-2006-4095].
- A remote user can also send specially crafted queries to trigger an
INSIST failure and cause the requesting service(s) to crash
[CVE-2006-4096].
New changelog entries:
* New upstream
* use lsb-base for start/stop messages in init.d.
* switch to debhelper 4
* Getting good reports from experimental, uploading to sid.
Release team, please consider this package for sarge. Thanks.
* correct pidfile name in init.d/lwresd. Closes: #298100
* Build with gcc-3.4 on powerpc, to work around #292958.
* New upstream version.
* new upstream version
* New upstream version
