
Re: Accepted knot-resolver 3.2.1-3+deb10u1 (source amd64 all) into oldstable



Hi Santiago,

>>    * CVE-2022-4018: Prevent an issue where remote attackers could cause
>>      a denial of service via CPU consumption by exploiting algorithmic
>>      complexity; during an attack, an authoritative server would return large
>>      nameserver or address sets.
>
> Is this actually CVE-2022-40188?

Ah yes, that's right. :(  The package has already been uploaded, of
course, so this is "just" a cosmetic issue in the changelog: I've not
sent out the email announcement just yet.

I've fixed this in the changelog for future uploads from the LTS tree,
as well as fixed it on the Debian website. Thanks for pointing it out.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

