[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted knot-resolver 3.2.1-3+deb10u1 (source amd64 all) into oldstable

Hi Chris,

Thanks for handling this.

El 07/10/22 a las 18:10, Debian FTP Masters escribió:
> Hash: SHA256
> Format: 1.8
> Date: Fri, 07 Oct 2022 10:17:02 -0700
> Source: knot-resolver
> Binary: knot-resolver knot-resolver-dbgsym knot-resolver-doc knot-resolver-module-http
> Architecture: source amd64 all
> Version: 3.2.1-3+deb10u1
> Distribution: buster-security
> Urgency: high
> Maintainer: knot-resolver packagers <knot-resolver@packages.debian.org>
> Changed-By: Chris Lamb <lamby@debian.org>
> Description:
>  knot-resolver - caching, DNSSEC-validating DNS resolver
>  knot-resolver-doc - Documentation for Knot Resolver
>  knot-resolver-module-http - HTTP/2 module for Knot Resolver
> Changes:
>  knot-resolver (3.2.1-3+deb10u1) buster-security; urgency=high
>  .
>    * CVE-2022-4018: Prevent an issue where remote attackers could cause
>      a denial of service via CPU consumption by exploiting algorithmic
>      complexity; during an attack, an authoritative server would return large
>      nameserver or address sets.

Is this actually CVE-2022-40188?

>    * Mark one of the autopkgtests as "flaky"; we want to still run it.
>    * Add debian/.gitlab-ci.yml, but don't test piuparts.

A minor comment: debian/master has debian/salsa-ci.yml. I would have
preferred to follow the same according to the knot-resolver repo
configuration in salsa.


 -- Santiago

Attachment: signature.asc
Description: PGP signature

Reply to: