ubuntu/+source/bind9:applied/debian/jessie

Last commit made on 2018-06-23
Get this branch:
git clone -b applied/debian/jessie https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/jessie
Repository:
lp:ubuntu/+source/bind9

Recent commits

5c31639... by Salvatore Bonaccorso on 2018-01-15

Import patches-applied version 1:9.9.5.dfsg-9+deb8u15 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: f96568ecd9b4819f3ac1f0a4e451b8f2973b5191
Unapplied parent: 5e8d11342406507af33697c7b59f65547d11dfbb

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Addresses could be referenced after being freed in resolver.c, causing an
    assertion failure. (CVE-2017-3145)

5e8d113... by Salvatore Bonaccorso on 2018-01-15

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u15 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 05aeb72e8f361d6c3356d0c3b873887eafe9890f

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Addresses could be referenced after being freed in resolver.c, causing an
    assertion failure. (CVE-2017-3145)

f96568e... by Ondřej Surý on 2017-08-28

Import patches-applied version 1:9.9.5.dfsg-9+deb8u14 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 4b73d21975c3933dd219a7b33caae0654b11f463
Unapplied parent: 05aeb72e8f361d6c3356d0c3b873887eafe9890f

New changelog entries:
  [ Bernhard Schmidt ]
  * Import upcoming DNSSEC KSK-2017 from 9.10.5
  [ Ondřej Surý ]
  * Non-maintainer upload.
  * Non-maintainer upload by the Security Team.
  * Add patch to fix regression introduced by patch for CVE-2017-3042.
                                                                closes: #868952

05aeb72... by Ondřej Surý on 2017-08-28

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u14 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: b64fbad6583af4374de7adeebdd87162ae8c8080

New changelog entries:
  [ Bernhard Schmidt ]
  * Import upcoming DNSSEC KSK-2017 from 9.10.5
  [ Ondřej Surý ]
  * Non-maintainer upload.
  * Non-maintainer upload by the Security Team.
  * Add patch to fix regression introduced by patch for CVE-2017-3042.
                                                                closes: #868952

4b73d21... by Yves-Alexis Perez on 2017-06-30

Import patches-applied version 1:9.9.5.dfsg-9+deb8u12 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: cb2c64ea4866322eff82a42752172ce4e3886f17
Unapplied parent: b64fbad6583af4374de7adeebdd87162ae8c8080

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Add patch to fix CVE-2017-3042 and CVE-2017-3043
    CVE-2017-3042: error in TSIG authentication can permit unauthorized zone
    transfers. An attacker may be able to circumvent TSIG authentication of
    AXFR and Notify requests.
    CVE-2017-3043: error in TSIG authentication can permit unauthorized
    dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
    signature for a dynamic update.
  * Non-maintainer upload by the Security Team.
  * Dns64 with "break-dnssec yes;" can result in a assertion failure.
    (CVE-2017-3136) (Closes: #860224)
  * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
    If not cherry-picking this change the fix for CVE-2017-3137 can cause an
    assertion failure to appear in name.c.
  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
    assertion failures (CVE-2017-3137) (Closes: #860225)
  * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
    could trigger assertion failures. (CVE-2017-3137)
  * Fix regression introduced when handling CNAME to referral below the
    current domain
  * 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138)
    (Closes: #860226)

b64fbad... by Yves-Alexis Perez on 2017-06-30

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u12 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 3efb040483086f45ca4e332c856e06755b522153

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Add patch to fix CVE-2017-3042 and CVE-2017-3043
    CVE-2017-3042: error in TSIG authentication can permit unauthorized zone
    transfers. An attacker may be able to circumvent TSIG authentication of
    AXFR and Notify requests.
    CVE-2017-3043: error in TSIG authentication can permit unauthorized
    dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
    signature for a dynamic update.
  * Non-maintainer upload by the Security Team.
  * Dns64 with "break-dnssec yes;" can result in a assertion failure.
    (CVE-2017-3136) (Closes: #860224)
  * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
    If not cherry-picking this change the fix for CVE-2017-3137 can cause an
    assertion failure to appear in name.c.
  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
    assertion failures (CVE-2017-3137) (Closes: #860225)
  * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
    could trigger assertion failures. (CVE-2017-3137)
  * Fix regression introduced when handling CNAME to referral below the
    current domain
  * 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138)
    (Closes: #860226)

cb2c64e... by Michael Gilbert <email address hidden> on 2017-02-26

Import patches-applied version 1:9.9.5.dfsg-9+deb8u10 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: ad9062c4f370b28e4838a1e96980f9846ff0b433
Unapplied parent: 3efb040483086f45ca4e332c856e06755b522153

New changelog entries:
  * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
  * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
    both DNS64 and RPZ are being used (closes: #855520).
  * Apply patches from ISC.
  * CVE-2016-9131: Assertion failure related to caching of TKEY records
    in upstream DNS responses.
  * CVE-2016-9147: Processing of RRSIG records in upstream DNS response
    without corresponding signed data could lead to an assertion failure.
  * CVE-2016-9444: Missing RRSIG records in the authority section of
    upstream responses could lead to an assertion failure.
  * RT #43779: Fix handling of CNAME/DNAME responses. (Regression due
    to the CVE-2016-8864 fix.)

3efb040... by Michael Gilbert <email address hidden> on 2017-02-26

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u10 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: c21ec95d9fd1921fe3d91626f4fc3e1495ca2f34

New changelog entries:
  * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
  * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
    both DNS64 and RPZ are being used (closes: #855520).
  * Apply patches from ISC.
  * CVE-2016-9131: Assertion failure related to caching of TKEY records
    in upstream DNS responses.
  * CVE-2016-9147: Processing of RRSIG records in upstream DNS response
    without corresponding signed data could lead to an assertion failure.
  * CVE-2016-9444: Missing RRSIG records in the authority section of
    upstream responses could lead to an assertion failure.
  * RT #43779: Fix handling of CNAME/DNAME responses. (Regression due
    to the CVE-2016-8864 fix.)

ad9062c... by Florian Weimer on 2016-11-01

Import patches-applied version 1:9.9.5.dfsg-9+deb8u8 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 6018cb79278627cf8a43fcb9cf28cd5865ef6eae
Unapplied parent: c21ec95d9fd1921fe3d91626f4fc3e1495ca2f34

New changelog entries:
  * CVE-2016-8864: Fix assertion failure in DNAME processing with patch
    provided by ISC.
  * CVE-2016-2775: lwresd crash with long query name.
    Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.
    Closes: #831796.
  * CVE-2016-2776: assertion failure due to unspecified crafted query.
    Fix based on 43139-9-9.patch from ISC. Closes: #839010.

c21ec95... by Florian Weimer on 2016-11-01

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u8 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 8daddbc7b2d4e14c745ccb8265a5dfe32709c901

New changelog entries:
  * CVE-2016-8864: Fix assertion failure in DNAME processing with patch
    provided by ISC.
  * CVE-2016-2775: lwresd crash with long query name.
    Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.
    Closes: #831796.
  * CVE-2016-2776: assertion failure due to unspecified crafted query.
    Fix based on 43139-9-9.patch from ISC. Closes: #839010.