New changelog entries:
* SECURITY UPDATE: denial of service via string formatting operations
- lib/dns/rdata/in_1/apl_42.c: use correct length.
- CVE-2015-8704
New changelog entries:
* SECURITY UPDATE: REQUIRE failure via incorrect class
- properly handle class in lib/dns/include/dns/message.h,
lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
- CVE-2015-8000
New changelog entries:
* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
via malformed keys
- fix validation in lib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
lib/dns/ncache.c, lib/dns/openssldh_link.c,
lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
- CVE-2015-5722
New changelog entries:
* SECURITY UPDATE: denial of service in TKEY record query handling
- lib/dns/tkey.c: clear out name before trying the answer section.
- CVE-2015-5477
New changelog entries:
* SECURITY UPDATE: resolver DoS via specially crafted zone data
- lib/dns/validator.c: don't use uninitialized fixedname.
- CVE-2015-4620
f6b8624... by Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-9 to ubuntu/vivid
New changelog entries:
* SECURITY UPDATE: denial of service via revoking a managed trust anchor
and supplying an untrusted replacement
- lib/dns/zone.c: avoid crash due to managed-key rollover
- Based on patch supplied by Evan Hunt <email address hidden>
- CVE-2015-1349
79fd633... by Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-8 to ubuntu/vivid