New changelog entries:
* SECURITY UPDATE: denial of service via rndc control channel input
parsing error
- properly check data in bin/named/control.c, bin/named/controlconf.c,
bin/rndc/rndc.c, lib/isccc/cc.c.
- CVE-2016-1285
* SECURITY UPDATE: denial of service via resource record signatures
parsing issue
- fix improper DNAME handling in lib/dns/resolver.c.
- CVE-2016-1286
New changelog entries:
* SECURITY UPDATE: denial of service via string formatting operations
- lib/dns/rdata/in_1/apl_42.c: use correct length.
- CVE-2015-8704
New changelog entries:
* SECURITY UPDATE: REQUIRE failure via incorrect class
- properly handle class in lib/dns/include/dns/message.h,
lib/dns/message.c, lib/dns/resolver.c, lib/dns/xfrin.c.
- CVE-2015-8000
New changelog entries:
* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
via malformed keys
- fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
lib/dns/ncache.c, lib/dns/openssldh_link.c,
lib/dns/openssldsa_link.c, lib/dns/opensslecdsa_link.c,
lib/dns/opensslrsa_link.c, lib/dns/resolver.c.
- CVE-2015-5722
c290cf9...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-11 to ubuntu/wily