ubuntu/+source/bind9:debian/jessie

Last commit made on 2018-06-23
Get this branch:
git clone -b debian/jessie https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/jessie
Repository:
lp:ubuntu/+source/bind9

Recent commits

5e8d113... by Salvatore Bonaccorso on 2018-01-15

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u15 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 05aeb72e8f361d6c3356d0c3b873887eafe9890f

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Addresses could be referenced after being freed in resolver.c, causing an
    assertion failure. (CVE-2017-3145)

05aeb72... by Ondřej Surý on 2017-08-28

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u14 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: b64fbad6583af4374de7adeebdd87162ae8c8080

New changelog entries:
  [ Bernhard Schmidt ]
  * Import upcoming DNSSEC KSK-2017 from 9.10.5
  [ Ondřej Surý ]
  * Non-maintainer upload.
  * Non-maintainer upload by the Security Team.
  * Add patch to fix regression introduced by patch for CVE-2017-3042.
                                                                closes: #868952

b64fbad... by Yves-Alexis Perez on 2017-06-30

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u12 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 3efb040483086f45ca4e332c856e06755b522153

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Add patch to fix CVE-2017-3042 and CVE-2017-3043
    CVE-2017-3042: error in TSIG authentication can permit unauthorized zone
    transfers. An attacker may be able to circumvent TSIG authentication of
    AXFR and Notify requests.
    CVE-2017-3043: error in TSIG authentication can permit unauthorized
    dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
    signature for a dynamic update.
  * Non-maintainer upload by the Security Team.
  * Dns64 with "break-dnssec yes;" can result in a assertion failure.
    (CVE-2017-3136) (Closes: #860224)
  * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
    If not cherry-picking this change the fix for CVE-2017-3137 can cause an
    assertion failure to appear in name.c.
  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
    assertion failures (CVE-2017-3137) (Closes: #860225)
  * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
    could trigger assertion failures. (CVE-2017-3137)
  * Fix regression introduced when handling CNAME to referral below the
    current domain
  * 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138)
    (Closes: #860226)

3efb040... by Michael Gilbert <email address hidden> on 2017-02-26

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u10 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: c21ec95d9fd1921fe3d91626f4fc3e1495ca2f34

New changelog entries:
  * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
  * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
    both DNS64 and RPZ are being used (closes: #855520).
  * Apply patches from ISC.
  * CVE-2016-9131: Assertion failure related to caching of TKEY records
    in upstream DNS responses.
  * CVE-2016-9147: Processing of RRSIG records in upstream DNS response
    without corresponding signed data could lead to an assertion failure.
  * CVE-2016-9444: Missing RRSIG records in the authority section of
    upstream responses could lead to an assertion failure.
  * RT #43779: Fix handling of CNAME/DNAME responses. (Regression due
    to the CVE-2016-8864 fix.)

c21ec95... by Florian Weimer on 2016-11-01

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u8 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 8daddbc7b2d4e14c745ccb8265a5dfe32709c901

New changelog entries:
  * CVE-2016-8864: Fix assertion failure in DNAME processing with patch
    provided by ISC.
  * CVE-2016-2775: lwresd crash with long query name.
    Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.
    Closes: #831796.
  * CVE-2016-2776: assertion failure due to unspecified crafted query.
    Fix based on 43139-9-9.patch from ISC. Closes: #839010.

8daddbc... by Michael Gilbert <email address hidden> on 2016-03-08

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u6 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 8b978ed507a2e971cf9a06e21a082d342f2606b1

New changelog entries:
  * Fix CVE-2016-1285: error parsing control channel input.
  * Fix CVE-2016-1286: error parsing DNAME resource records.
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c.
    A buffer size check used to guard against overflow could cause named to
    exit with an INSIST failure In apl_42.c.

8b978ed... by Salvatore Bonaccorso on 2015-12-14

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 7800486a1214f2d8b99cc6c1c440e624203dbdf7

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Add patch to fix CVE-2015-8000.
    CVE-2015-8000: Insufficient testing when parsing a message allowed
    records with an incorrect class to be be accepted, triggering a REQUIRE
    failure when those records were subsequently cached.
  * CVE-2015-5722

7800486... by Salvatore Bonaccorso on 2015-07-27

Import patches-unapplied version 1:9.9.5.dfsg-9+deb8u2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 1c615357376afcd94370cc139dee348550e269a8

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-5477: A failure to reset a value to NULL in tkey.c could
    result in an assertion failure.
  * Non-maintainer upload by the Security Team.
  * CVE-2015-4620: Specially constructed zone data can cause a resolver to
    crash when validating.

1c61535... by Michael Gilbert <email address hidden> on 2015-02-19

Import patches-unapplied version 1:9.9.5.dfsg-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7f919ddaa5012a3f8c9196008cf2d1bd6dc06779

New changelog entries:
  * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
    affecting setups using DNSSEC (closes: #778733).

7f919dd... by Michael Gilbert <email address hidden> on 2015-01-01

Import patches-unapplied version 1:9.9.5.dfsg-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c30d5c08eeb831e662801cb5548643a7839ba50e

New changelog entries:
  * Launch rndc command in the background in networking scripts to avoid a
    hang in named from bringing down the entire network (closes: #760555).