New changelog entries:
* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
via malformed keys
- fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
lib/dns/ncache.c, lib/dns/openssldh_link.c,
lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
- CVE-2015-5722
45f9ab5...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-11 to ubuntu/wily-proposed
New changelog entries:
* SECURITY UPDATE: denial of service in TKEY record query handling
- lib/dns/tkey.c: clear out name before trying the answer section.
- CVE-2015-5477
b750f00...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-10 to ubuntu/wily-proposed
New changelog entries:
* SECURITY UPDATE: resolver DoS via specially crafted zone data
- lib/dns/validator.c: don't use uninitialized fixedname.
- CVE-2015-4620
5dac7a8...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-9 to ubuntu/wily