lp:ubuntu/dapper-updates/bind9
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/bind9
Recent revisions
- 16. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via ncache entry and a rrsig for the
same type
- lib/dns/rbtdb.c: properly mark existing RRSIG records as stale. Also
required backport of change #1997.
- CVE-2010-3613
* SECURITY UPDATE: answers incorrectly marked as insecure during key
algorithm rollover
- lib/dns/include/dns/types.h, lib/dns/validator.c: improve logic.
- CVE-2010-3614
- 15. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/dns/types.h,
lib/dns/{resolver.c,validator.c}: further fixes backported from
9.4.3-P5
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/dns/types.h,
lib/dns/{resolver.c,validator.c}: fixes backported from 9.4.3-P5
- CVE-2010-0097
- 14. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/{include/dns/types.h,masterdump.c,
rbtdb.c,resolver.c,validator.c}: handle the additional section
properly. lib/dns/api, version: increment versions.
- debian/*: increment to libdns23, add libdns21 metapackage so
upgrade-manager won't hold the bind9 upgrade back.
- CVE-2009-4022
- 13. By Kees Cook
-
* SECURITY UPDATE: server can exit on malicious update packet.
- bin/named/update.c: backported upstream fix.
- CVE-2009-0696
- 12. By Jamie Strandboge
-
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates.
- update lib/dns/openssldsa_link.c to properly check the return code of
DSA_do_verify()
- CVE-2009-0025
- 11. By LaMont Jones
-
* SECURITY UPDATE: Randomize UDP query source ports to improve forgery resilience.
* References
CVE-2008-1447
- 10. By Kees Cook
-
* SECURITY UPDATE: query responses could be forged remotely.
* bin/named/client.c, lib/dispatch.c, lib/include/dispatch.h:
upstream fixes back ported.
* References
CVE-2007-2926
- 9. By Kees Cook
-
* SECURITY UPDATE: remote denial of service.
* lib/dns/include/dns/validator.h, lib/dns/{validator,resolver}.c,
lib/dns/api: fixes taken from upstream changes between bind 9.3.3 and
9.3.4, applied inline.
* References
CVE-2007-0493 CVE-2007-0494
- 8. By Martin Pitt
-
* SECURITY UPDATE:
* bin/named/query.c, lib/dns/resolver.c: Apply upstream patch from 9.3.2-P1
to fix the following flaws:
- A remote user (DNS server) can send specially crafted RRset responses in
return to a recursive SIG query to cause the requesting named service to
crash [CVE-2006-4095].
- A remote user can also send specially crafted queries to trigger an
INSIST failure and cause the requesting service(s) to crash
[CVE-2006-4096].
- 7. By Matthias Klose
-
Drop build dependency on g++-3.4 (#292958 was filed for g++-3.3,
fixed in g++-3.4 and up).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/bind9