Ubuntu
bind9 package

~nacc/ubuntu/+source/bind9:ubuntu/lucid-security

  1. Git
  2. lp:~nacc/ubuntu/+source/bind9
  3. ubuntu/lucid-security
Last commit made on 2014-12-09
Get this branch:
git clone -b ubuntu/lucid-security https://git.launchpad.net/~nacc/ubuntu/+source/bind9
Only Nish Aravamudan can upload to this branch. If you are Nish Aravamudan please log in for upload directions.

Branch merges

Branch information

Name:
ubuntu/lucid-security
Repository:
lp:~nacc/ubuntu/+source/bind9

Recent commits

fe290a0... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.12 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: cbeac321ade69770589ace50e5dbed4d99d659ce

New changelog entries:
  * SECURITY UPDATE: denial of service via delegation handling defect
    - limit max recursion in bin/named/config.c, bin/named/query.c,
      bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
      lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
      lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
      lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
      lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
      lib/isccfg/namedconf.c.
    - Based on patch provided by upstream.
    - CVE-2014-8500

cbeac32... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.11 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: 5096524e701a63d49aa0d5ee5be34b6a145696ff

New changelog entries:
  * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
    queries
    - debian/patches/CVE-2014-0591.patch: don't call memcpy with
      overlapping ranges in bin/named/query.c.
    - patch backported from 9.8.6-P2.
    - CVE-2014-0591

5096524... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.10 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: d3cfb757c4675c9f73673452665570e544658900

New changelog entries:
  * SECURITY UPDATE: denial of service via incorrect bounds checking on
    private type 'keydata'
    - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
    - Patch backported from 9.8.5-P2
    - CVE-2013-4854

d3cfb75... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.9 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: cffac32f67a9affd95f2519c186abbad30012014

New changelog entries:
  * SECURITY UPDATE: denial of service via regex syntax checking
    - configure,configure.in,config.h.in: remove check for regex.h to
      disable regex syntax checking.
    - CVE-2013-2266

cffac32... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.8 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: d666b8c52ca8d5aeaa272f14fbba9c313a5f0571

New changelog entries:
  * SECURITY UPDATE: denial of service via specific combinations of RDATA
    - bin/named/query.c: fix logic
    - Patch backported from 9.8.3-P4
    - CVE-2012-5166

d666b8c... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.7 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: 7ab257ac4e93659e831a4553c1aaec77f854da42

New changelog entries:
  * SECURITY UPDATE: denial of service via large crafted resource record
    - check length in lib/dns/include/dns/rdata.h,
      lib/dns/{master,rdata,rdataslab}.c.
    - Patch backported from 9.7.6-P3
    - CVE-2012-4244

7ab257a... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.6 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: 4c2cab69262069bf4ca41e8f844f0f76cbe96744

New changelog entries:
  * SECURITY UPDATE: denial of service via dnssec validation load
    - lib/dns/resolver.c: don't use bad->expire before it has been set.
    - Patch backported from 9.7.6-P2.
    - CVE-2012-3817

4c2cab6... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.5 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: db4d5d05d967a760afa52c906a4c4d6ba542d6a6

New changelog entries:
  * SECURITY UPDATE: ghost domain names attack
    - lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
      of the old NS RRset when replacing it.
    - Patch backported from 9.7.5.
    - CVE-2012-1033
  * SECURITY UPDATE: denial of service via zero length rdata handling
    - lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
      duplicate rdata.
    - Patch backported from 9.7.6-P1.
    - CVE-2012-1667

db4d5d0... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.4 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: 26235a9ecdf4341181f0f240ca8a2368dc940885

New changelog entries:
  * SECURITY UPDATE: denial of service via specially crafted packet
    - bin/named/query.c,lib/dns/rbtdb.c: correctly handle cache lookups
      that return RRSIG data associated with nonexistent records.
    - Patch backported from 9.7.4-P1.
    - CVE-2011-4313

26235a9... by Marc Deslauriers

Import patches-unapplied version 1:9.7.0.dfsg.P1-1ubuntu0.3 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: 756b5c7854e01946582ffc299d3989fa0fcc036a

New changelog entries:
  * SECURITY UPDATE: denial of service via specially crafted packet
    - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
      nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
      flag to indicate negative-cache records rather than using rrtype 0.
    - Patch backported from 9.7.3-P3.
    - CVE-2011-2464