New changelog entries:
* SECURITY UPDATE: denial of service via responses containing a DNAME
answer
- debian/patches/CVE-2016-8864.patch: remove assertion failure in
lib/dns/resolver.c.
- CVE-2016-8864
New changelog entries:
* SECURITY UPDATE: denial of service via assertion failure
- debian/patches/CVE-2016-2776.patch: properly handle lengths in
lib/dns/message.c.
- CVE-2016-2776
New changelog entries:
* Drop dead code in bind9.preinst.
* move from /var/run to /run for policy.
* use multiarch path in udebs
* Updated root cache file. Closes: #806954
* Fix vcs links
* build in debian/tmp, use bind9.install
* updated precise_time patch
* add RT#s to some patches
* Merge ubuntu changes
* Fix debian/rules to properly remove files from bind9 that are delivered
elsewhere. LP: #1559090
* Bump debhelper to v9 to use dh-exec.
* libbind-export-dev: Fix the libbind.so symlink.
* Move static libs to the multiarch libdir again.
* Fix udeb dependencies.
[ ISC ]
* New upstream: 9.10.3-P3
- Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396]
- render_ecs errors were mishandled when printing out a OPT record
resulting in a assertion failure. (CVE-2015-8705) [RT #41397]
- Fixed a regression in resolver.c:possibly_mark() which caused
known-bogus servers to be queried anyway. [RT #41321]
* New upstream: 9.10.3-P4
- Malformed control messages can trigger assertions in named and rndc.
(CVE-2016-1285) [RT #41666]
- Fix resolver assertion failure due to improper DNAME handling when
parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
- Duplicate EDNS COOKIE options in a response could trigger an
assertion failure. (CVE-2016-2088) [RT #41809]
[LaMont Jones]
* Do not build -export libs for libbind90 and liblwres. Relates in part
to, and is the last fix to LP: #1551351
* update patches for 9.10.3.dfsg.P4. Drop 50_CVE_2015-8704.diff
[ Stefan Bader ]
* Do not modify signal handlers for external apps. LP: #1556175
* Fix my bad merge of autoreconf workaround.
* Re-implement -export libraries. LP: #1556175
* Deliver libisccc-export library.