Ubuntu
bind9 package

lp:ubuntu/jaunty-security/bind9

Jaunty (9.04)
jaunty-security

Created by James Westby on 2009-12-02 and last modified on 2010-01-19

Get this branch:: bzr branch lp:ubuntu/jaunty-security/bind9

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

42. By Marc Deslauriers on 2010-01-19

* SECURITY UPDATE: incorrect cache update from additional section
  - bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
    lib/dns/{rbtdb.c,resolver.c,validator.c}: further fixes backported
    from 9.5.2-P2
  - CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
  - bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
    lib/dns/{rbtdb.c,resolver.c,validator.c}: fixes backported from
    9.5.2-P2
  - CVE-2010-0097

41. By Marc Deslauriers on 2009-12-04

* SECURITY UPDATE: incorrect cache update from additional section
  - bin/named/query.c, lib/dns/{include/dns/types.h,masterdump.c,
    rbtdb.c,resolver.c,validator.c}: handle the additional section
    properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns46, add libdns45 metapackage so
    upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

40. By Kees Cook on 2009-07-28

* SECURITY UPDATE: server can exit on malicious update packet.
- bin/named/update.c: backported upstream fix.
- CVE-2009-0696

39. By LaMont Jones on 2009-03-20

[Internet Software Consortium, Inc]

* 9.5.1-P2
- DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479]

[LaMont Jones]

* meta: fix override disparity

[Sven Joachim]

* meta: pass host and build into configure for hybrid build machines.
Closes: #515110

38. By LaMont Jones on 2009-01-26

* New upstream patch release
  - supportable version of fix from 9.5.0.dfsg.P2-5.1
  - CVE-2009-0025: Closes: #511936
  - 2475: Overly agressive cache entry removal. Closes: #511768
  - other bug fixes worthy of patch-release inclusion

37. By Jamie Strandboge on 2009-01-07

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates.
  - update lib/dns/openssldsa_link.c to properly check the return code of
    DSA_do_verify()
  - CVE-2009-0025

36. By LaMont Jones on 2008-12-07

[ISC]

* 2463: IPv6 Advanced Socket API broken on linux. LP: #249824

[Jamie Strandboge]

* apparmor: add capability sys_resource
* apparmor: add krb keytab access. LP: #277370

[LaMont Jones]

* apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060
* apparmor: add /var/log/named/* entries. LP: #294935

[Ben Hutchings]

* meta: Add dependency of bind9 on net-tools (ifconfig used in init script)
* meta: Fix bind9utils Depends.
* meta: fix typo in package description

[localization folks]

* l10n: add polish debconf translations. Closes: #506856 (L)

35. By LaMont Jones on 2008-10-07

meta: fix typo in Depends: lsb-base. Closes: #501365

34. By Nicolas Valcarcel on 2008-08-26

* Add ufw integration:
  - Created debian/bind9.ufw.profile
  - debian/rules:
    + install profile
  - debian/control
    + Suggest ufw

33. By Kees Cook on 2008-08-20

debian/{control,rules}: enable PIE hardening

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/lucid/bind9

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntubind9 package