Created by Ubuntu Package Importer on 2012-06-05 and last modified on 2015-09-01
Get this branch:
bzr branch lp:ubuntu/precise-security/bind9
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

59. By Marc Deslauriers on 2015-09-01

* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
  via malformed keys
  - fix validation inlib/dns/hmac_link.c, lib/dns/include/dst/dst.h,
    lib/dns/ncache.c, lib/dns/openssldh_link.c,
    lib/dns/openssldsa_link.c, lib/dns/opensslrsa_link.c,
  - CVE-2015-5722

58. By Marc Deslauriers on 2015-07-27

* SECURITY UPDATE: denial of service in TKEY record query handling
  - lib/dns/tkey.c: clear out name before trying the answer section.
  - CVE-2015-5477
* SECURITY UPDATE: denial of service via AAAA record query
  - bin/named/query.c: arrange for RPZ rewriting of any A records.
  - CVE-2012-5689

57. By Marc Deslauriers on 2015-06-29

* SECURITY UPDATE: resolver DoS via specially crafted zone data
  - lib/dns/validator.c: don't use uninitialized fixedname.
  - CVE-2015-4620

56. By Marc Deslauriers on 2015-02-18

* SECURITY UPDATE: denial of service via revoking a managed trust anchor
  and supplying an untrusted replacement
  - lib/dns/zone.c: avoid crash due to managed-key rollover
  - Based on patch supplied by Evan Hunt <email address hidden>
  - CVE-2015-1349

55. By Marc Deslauriers on 2014-12-09

* SECURITY UPDATE: denial of service via delegation handling defect
  - limit max recursion in bin/named/config.c, bin/named/query.c,
    bin/named/server.c, lib/dns/adb.c, lib/dns/include/dns/adb.h,
    lib/dns/include/dns/resolver.h, lib/dns/resolver.c,
    lib/export/isc/Makefile.in, lib/isc/Makefile.in, lib/isc/counter.c,
    lib/isc/include/isc/counter.h, lib/isc/include/isc/Makefile.in,
    lib/isc/include/isc/types.h, lib/isc/tests/counter_test.c,
  - Patch provided by upstream.
  - CVE-2014-8500

54. By Marc Deslauriers on 2014-01-10

* SECURITY UPDATE: denial of service when processing NSEC3-signed zone
  - debian/patches/CVE-2014-0591.patch: don't call memcpy with
    overlapping ranges in bin/named/query.c.
  - patch backported from 9.8.6-P2.
  - CVE-2014-0591

53. By Marc Deslauriers on 2013-07-26

* SECURITY UPDATE: denial of service via incorrect bounds checking on
  private type 'keydata'
  - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
  - Patch backported from 9.8.5-P2
  - CVE-2013-4854

52. By Marc Deslauriers on 2013-03-28

* SECURITY UPDATE: denial of service via regex syntax checking
  - configure,configure.in,config.h.in: remove check for regex.h to
    disable regex syntax checking.
  - CVE-2013-2266

51. By Marc Deslauriers on 2012-12-05

* SECURITY UPDATE: denial of service via DNS64 and crafted query
  - bin/named/query.c: init rdataset before cleanup.
  - Patch backported from 9.8.4-P1
  - CVE-2012-5688

50. By Marc Deslauriers on 2012-10-05

* SECURITY UPDATE: denial of service via specific combinations of RDATA
  - bin/named/query.c: fix logic
  - Patch backported from 9.8.3-P4
  - CVE-2012-5166

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.