ubuntu/+source/bind9:ubuntu/dapper-updates

Last commit made on 2010-12-01
Get this branch:
git clone -b ubuntu/dapper-updates https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/dapper-updates
Repository:
lp:ubuntu/+source/bind9

Recent commits

1413ed8... by Marc Deslauriers on 2010-11-26

Import patches-unapplied version 1:9.3.2-2ubuntu1.12 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 5ae57cea65b70c4908b0e5fe951acaba7409e6da

New changelog entries:
  * SECURITY UPDATE: denial of service via ncache entry and a rrsig for the
    same type
    - lib/dns/rbtdb.c: properly mark existing RRSIG records as stale. Also
      required backport of change #1997.
    - CVE-2010-3613
  * SECURITY UPDATE: answers incorrectly marked as insecure during key
    algorithm rollover
    - lib/dns/include/dns/types.h, lib/dns/validator.c: improve logic.
    - CVE-2010-3614

5ae57ce... by Marc Deslauriers on 2010-01-20

Import patches-unapplied version 1:9.3.2-2ubuntu1.11 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b269b2fc517d7cb86cc412598ac22523c3cda5da

New changelog entries:
  * SECURITY UPDATE: incorrect cache update from additional section
    - bin/named/query.c, lib/dns/include/dns/types.h,
      lib/dns/{resolver.c,validator.c}: further fixes backported from
      9.4.3-P5
    - CVE-2009-4022
  * SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
    - bin/named/query.c, lib/dns/include/dns/types.h,
      lib/dns/{resolver.c,validator.c}: fixes backported from 9.4.3-P5
    - CVE-2010-0097

b269b2f... by Marc Deslauriers on 2009-12-04

Import patches-unapplied version 1:9.3.2-2ubuntu1.9 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 269ab0c6d12068028b45431cf386d120891293f7

New changelog entries:
  * SECURITY UPDATE: incorrect cache update from additional section
    - bin/named/query.c, lib/dns/{include/dns/types.h,masterdump.c,
      rbtdb.c,resolver.c,validator.c}: handle the additional section
      properly. lib/dns/api, version: increment versions.
    - debian/*: increment to libdns23, add libdns21 metapackage so
      upgrade-manager won't hold the bind9 upgrade back.
    - CVE-2009-4022

269ab0c... by Kees Cook on 2009-07-29

Import patches-unapplied version 1:9.3.2-2ubuntu1.7 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b9ac6be4d7e9186a8676b84e996ab13d181dcb19

New changelog entries:
  * SECURITY UPDATE: server can exit on malicious update packet.
    - bin/named/update.c: backported upstream fix.
    - CVE-2009-0696

b9ac6be... by Jamie Strandboge on 2009-01-07

Import patches-unapplied version 1:9.3.2-2ubuntu1.6 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b721ff2dd3eb39e8ff11d7258bfe061da890f4f8

New changelog entries:
  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates.
    - update lib/dns/openssldsa_link.c to properly check the return code of
      DSA_do_verify()
    - CVE-2009-0025

b721ff2... by LaMont Jones on 2008-07-07

Import patches-unapplied version 1:9.3.2-2ubuntu1.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b78ede8dc46a3297e0fd59fedfab75c70f36b239

New changelog entries:
  * SECURITY UPDATE: Randomize UDP query source ports to improve forgery resilience.
  * References
    CVE-2008-1447

b78ede8... by Soren Hansen on 2008-01-11

Import patches-unapplied version 1:9.3.2-2ubuntu1.4 to ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: f2c37983777b467827a16ac9f84341b9dbcc1ac5

New changelog entries:
  * l.root-servers.net. got a new IP. (LP #160176)

f2c3798... by Kees Cook on 2007-07-24

Import patches-unapplied version 1:9.3.2-2ubuntu1.3 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 25d36c65cd7e90efc49dd1a2754280a816dcf5d8

New changelog entries:
  * SECURITY UPDATE: query responses could be forged remotely.
  * bin/named/client.c, lib/dispatch.c, lib/include/dispatch.h:
    upstream fixes back ported.
  * References
    CVE-2007-2926

25d36c6... by Kees Cook on 2007-01-31

Import patches-unapplied version 1:9.3.2-2ubuntu1.2 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 39d07fd4dc32419b6e3694ca8c95cf5ba52e5b3d

New changelog entries:
  * SECURITY UPDATE: remote denial of service.
  * lib/dns/include/dns/validator.h, lib/dns/{validator,resolver}.c,
    lib/dns/api: fixes taken from upstream changes between bind 9.3.3 and
    9.3.4, applied inline.
  * References
    CVE-2007-0493 CVE-2007-0494

39d07fd... by Martin Pitt on 2006-09-07

Import patches-unapplied version 1:9.3.2-2ubuntu1.1 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 796403a9a7f5d778f4b0b7cabed56fc15859b94d

New changelog entries:
  * SECURITY UPDATE:
  * bin/named/query.c, lib/dns/resolver.c: Apply upstream patch from 9.3.2-P1
    to fix the following flaws:
    - A remote user (DNS server) can send specially crafted RRset responses in
      return to a recursive SIG query to cause the requesting named service to
      crash [CVE-2006-4095].
    - A remote user can also send specially crafted queries to trigger an
      INSIST failure and cause the requesting service(s) to crash
      [CVE-2006-4096].