lp://staging/ubuntu/precise-updates/bind9
- Get this branch:
- bzr branch lp://staging/ubuntu/precise-updates/bind9
Branch merges
Branch information
Recent revisions
- 59. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in DNSSEC-signed record validation
via malformed keys
- fix validation inlib/dns/hmac_link. c, lib/dns/ include/ dst/dst. h,
lib/dns/ncache. c, lib/dns/ openssldh_ link.c,
lib/dns/openssldsa_ link.c, lib/dns/ opensslrsa_ link.c,
lib/dns/resolver. c.
- CVE-2015-5722 - 58. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in TKEY record query handling
- lib/dns/tkey.c: clear out name before trying the answer section.
- CVE-2015-5477
* SECURITY UPDATE: denial of service via AAAA record query
- bin/named/query.c: arrange for RPZ rewriting of any A records.
- CVE-2012-5689 - 57. By Marc Deslauriers
-
* SECURITY UPDATE: resolver DoS via specially crafted zone data
- lib/dns/validator. c: don't use uninitialized fixedname.
- CVE-2015-4620 - 56. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via revoking a managed trust anchor
and supplying an untrusted replacement
- lib/dns/zone.c: avoid crash due to managed-key rollover
- Based on patch supplied by Evan Hunt <email address hidden>
- CVE-2015-1349 - 55. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via delegation handling defect
- limit max recursion in bin/named/config.c, bin/named/query.c,
bin/named/server. c, lib/dns/adb.c, lib/dns/ include/ dns/adb. h,
lib/dns/include/ dns/resolver. h, lib/dns/resolver.c,
lib/export/ isc/Makefile. in, lib/isc/ Makefile. in, lib/isc/counter.c,
lib/isc/include/ isc/counter. h, lib/isc/ include/ isc/Makefile. in,
lib/isc/include/ isc/types. h, lib/isc/ tests/counter_ test.c,
lib/isccfg/ namedconf. c.
- Patch provided by upstream.
- CVE-2014-8500 - 54. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service when processing NSEC3-signed zone
queries
- debian/patches/ CVE-2014- 0591.patch: don't call memcpy with
overlapping ranges in bin/named/query.c.
- patch backported from 9.8.6-P2.
- CVE-2014-0591 - 53. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via incorrect bounds checking on
private type 'keydata'
- lib/dns/rdata/generic/ keydata_ 65533.c: check for correct length.
- Patch backported from 9.8.5-P2
- CVE-2013-4854 - 52. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via regex syntax checking
- configure,configure. in,config. h.in: remove check for regex.h to
disable regex syntax checking.
- CVE-2013-2266 - 51. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via DNS64 and crafted query
- bin/named/query.c: init rdataset before cleanup.
- Patch backported from 9.8.4-P1
- CVE-2012-5688 - 50. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via specific combinations of RDATA
- bin/named/query.c: fix logic
- Patch backported from 9.8.3-P4
- CVE-2012-5166
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/quantal/bind9