[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted knot-resolver 3.2.1-3+deb10u1 (source amd64 all) into oldstable

Hi Santiago,

>>    * CVE-2022-4018: Prevent an issue where remote attackers could cause
>>      a denial of service via CPU consumption by exploiting algorithmic
>>      complexity; during an attack, an authoritative server would return large
>>      nameserver or address sets.
> Is this actually CVE-2022-40188?

Ah yes, that's right. :(  The package has already been uploaded, of
course, so this is "just" a cosmetic issue in the changelog: I've not
sent out the email announcement just yet.

I've fixed this in the changelog for future uploads from the LTS tree,
as well as fixed it on the Debian website. Thanks for pointing it out.


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: