ubuntu/+source/bind9:ubuntu/yakkety-security

Last commit made on 2017-06-29
Get this branch:
git clone -b ubuntu/yakkety-security https://git.launchpad.net/ubuntu/+source/bind9
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/yakkety-security
Repository:
lp:ubuntu/+source/bind9

Recent commits

7001503... by Marc Deslauriers on 2017-06-29

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1.7 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 933233590577976b540ca3dd9ce741dbba61b901

New changelog entries:
  * SECURITY UPDATE: TSIG authentication issues
    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
    - CVE-2017-3142
    - CVE-2017-3143

9332335... by Steve Beattie on 2017-04-13

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1.6 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 94fd203448fb8f45bab1b1cbd0a8a587f8ad3646

New changelog entries:
  * SECURITY UPDATE: Denial of Service due to an error handling
    synthesized records when using DNS64 with "break-dnssec yes;"
    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
      called.
    - CVE-2017-3136
  * SECURITY UPDATE: Denial of Service due to resolver terminating when
    processing a response packet containing a CNAME or DNAME
    - debian/patches/CVE-2017-3137.patch: don't expect a specific
      ordering of answer components; add testcases.
    - CVE-2017-3137
  * SECURITY UPDATE: Denial of Service when receiving a null command on
    the control channel
    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
      command token is given; add testcase.
    - CVE-2017-3138

94fd203... by Nish Aravamudan on 2017-03-22

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1.4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 15b43bfbf9198bd770cc41cc9d9810c6ab0c7c6f

New changelog entries:
  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

15b43bf... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 0613ba08282af1ed254197bc4edb04a566fa33ff

New changelog entries:
  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
    a NULL pointer
    - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
      combination in bin/named/query.c, lib/dns/message.c,
      lib/dns/rdataset.c.
    - CVE-2017-3135
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
      was still being cached when it should have been in lib/dns/resolver.c,
      added tests to bin/tests/system/dname/ans3/ans.pl,
      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
    - No CVE number

0613ba0... by Marc Deslauriers on 2017-01-09

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 71fb0b48c3b3c21f9cb1e70ea27746c4332e6b5c

New changelog entries:
  * SECURITY UPDATE: assertion failure via class mismatch
    - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
      records in lib/dns/resolver.c.
    - CVE-2016-9131
  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
    - debian/patches/CVE-2016-9147.patch: fix logic when records are
      returned without the requested data in lib/dns/resolver.c.
    - CVE-2016-9147
  * SECURITY UPDATE: assertion failure via unusually-formed DS record
    - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
      lib/dns/message.c, lib/dns/resolver.c.
    - CVE-2016-9444
  * SECURITY UPDATE: regression in CVE-2016-8864
    - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
      responses in lib/dns/resolver.c, added tests to
      bin/tests/system/dname/ns2/example.db,
      bin/tests/system/dname/tests.sh.
    - No CVE number

71fb0b4... by Marc Deslauriers on 2016-10-31

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 8adaa46d3ae550154a4e4fb8553afb360e31ac33

New changelog entries:
  * SECURITY UPDATE: denial of service via responses containing a DNAME
    answer
    - debian/patches/CVE-2016-8864.patch: remove assertion failure in
      lib/dns/resolver.c.
    - CVE-2016-8864

8adaa46... by Marc Deslauriers on 2016-10-04

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: cd03982cb475ef6ba14eada3f54deeed43dcf6ca

New changelog entries:
  * SECURITY UPDATE: denial of service via assertion failure
    - debian/patches/CVE-2016-2776.patch: properly handle lengths in
      lib/dns/message.c.
    - CVE-2016-2776

cd03982... by Christian Hofstaedtler on 2016-07-02

Import patches-unapplied version 1:9.10.3.dfsg.P4-10.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 055083d85aa4aac7a66245cc4fd20ec5abe15bc9

New changelog entries:
  * Non-maintainer upload.
  * Add explicit ordering for nss-lookup.target in bind9.service,
    lwresd.service. Patches by Michael Biebl <email address hidden>.
    (Closes: #826243, #826245)

055083d... by LaMont Jones on 2016-05-03

Import patches-unapplied version 1:9.10.3.dfsg.P4-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d180b1c5402975cce85e08635131a54c995edcf8

New changelog entries:
  * Use python3

d180b1c... by LaMont Jones on 2016-04-26

Import patches-unapplied version 1:9.10.3.dfsg.P4-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f488b347d4ed9f43cae777d0250439b57cadbb48

New changelog entries:
  * Fix bad patch from when we switched to quilt. Closes: #820847 LP:
    #1552801, #1549788, #1553460
  * freshen patch to remove fuzz.