[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1000159: marked as done (dnsproxy listen unnecessary UDP port)

Your message dated Thu, 25 Nov 2021 00:18:28 +0000
with message-id <E1mq2T6-0009ld-IT@fasolo.debian.org>
and subject line Bug#1000159: fixed in dnsproxy 1.17-2
has caused the Debian Bug report #1000159,
regarding dnsproxy listen unnecessary UDP port
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1000159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000159
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: dnsproxy
Version: 1.16-0.1
Severity: important
X-Debbugs-Cc: marcos@talau.info
Control: forwarded -1 https://github.com/awaw/dnsproxy/issues/1

Hi there,

When dnsproxy starts it unnecessary listens to a random UDP port on all
interfaces. This opened port is not required to dnsproxy do their job.
If someone connects on that port it's possible to send unwanted DNS
answers to dnsproxy, these answers can be forwarded to the client, but
an attacker needs to know the DNS ID used by the client and the DNS ID
used by dnsproxy.


Regards,
mt

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: dnsproxy
Source-Version: 1.17-2
Done: Marcos Talau <marcos@talau.info>

We believe that the bug you reported is fixed in the latest version of
dnsproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1000159@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marcos Talau <marcos@talau.info> (supplier of updated dnsproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Nov 2021 18:37:38 -0300
Source: dnsproxy
Architecture: source
Version: 1.17-2
Distribution: unstable
Urgency: medium
Maintainer: Marcos Talau <marcos@talau.info>
Changed-By: Marcos Talau <marcos@talau.info>
Closes: 487952 802918 876201 1000159
Changes:
 dnsproxy (1.17-2) unstable; urgency=medium
 .
   * New maintainer (Closes: #876201).
   * debian/control:
     - Add passwd to Depends.
     - Add Rules-Requires-Root field.
     - Update Maintainer.
   * debian/copyright: Update to 1.0 Machine-readable format.
   * debian/default: Completely rewritten.
   * debian/dnsproxy.conf:
     - Some clean ups.
     - Use localhost has default bind address. Thanks to
       Marco d'Itri (Closes: #802918).
   * debian/dnsproxy.dirs: Rename to dirs.
   * debian/dnsproxy.init:
     - Completely rewritten (Closes: #487952).
     - Rename to init.
   * debian/dnsproxy.install: Rename to install.
   * debian/dnsproxy.manpages: Rename to manpages.
   * debian/patches/:
     - 01_fix_missing_prototypes.patch: Add DEP-3 headers.
     - 02_fix_wrong_use_of_hyphens_in_manpage.patch: Remove. No longer need.
     - 02_fix_compile_warnings.patch: New. Fix compile warnings due missing
       _GNU_SOURCE #defines.
     - 03_fix_listen_udp_port.patch: New. Fix UDP port listening on all
       interfaces (Closes: #1000159).
   * debian/postinst: Update adduser command.
   * debian/postrm: New file. Create to remove dnsproxy user from system.
   * debian/README.Debian: Remove. Information no longer need.
   * debian/README.source: Create. Explains the need of dnsproxy user.
   * debian/rules: Some clean ups.
   * debian/salsa-ci.yml: Add to provide CI tests for Salsa.
   * debian/service: New systemd service file.
   * debian/tests/*: Create autopkgtest.
   * debian/TODO: Remove. Not use anymore.
   * debian/upstream/metadata: Add upstream metadata information.
   * debian/watch: Update the search rule and the version to 4.
Checksums-Sha1:
 a9c2bc6d988a67f96dc0da2e42ac881feaf05c4a 1895 dnsproxy_1.17-2.dsc
 fa887197020a4ca782a93f3e88f666851c235448 8192 dnsproxy_1.17-2.debian.tar.xz
 453ba0abe0a97623ea38b71b143ef8734d404188 5702 dnsproxy_1.17-2_source.buildinfo
Checksums-Sha256:
 affd98c33088e0150ac764081f73fbd64d21f932fb519fd1401bad0d7ee7764a 1895 dnsproxy_1.17-2.dsc
 2bd67b3371fec38a73e46570ce54a7cbd0caf8894543afaa4f9330476dee131d 8192 dnsproxy_1.17-2.debian.tar.xz
 1b36622b9ab66128061137c8497cebbd9ec0d7320988293f88a11439a63064f7 5702 dnsproxy_1.17-2_source.buildinfo
Files:
 161088c8e9837585725e0117cd675cd0 1895 net optional dnsproxy_1.17-2.dsc
 827888f191a7c865d4d4ada7e84b82dc 8192 net optional dnsproxy_1.17-2.debian.tar.xz
 fbf222651a6039ed3cc3b20862755170 5702 net optional dnsproxy_1.17-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAmGe0ewACgkQ3mO5xwTr
6e9vMBAAp6U/vP42NRjJUpwfpThej0IX1bcl7/rdAoW10FZeyj871JAQjJW+i4nh
XFB0efzGu4FO1+eRg0Lkw9NsEmGHczqYlvQb6xEKm5gBDUxJqWKh+Ngcp0TJGpBV
tttPLWD9+hwdOnwZhNzKOQskO5g0gRgfXCEq7a3lpJA5rviS25a0F5jtv4XVtR3x
TO7TzlymgCnPaUp8JK7zdCZVWNDunObedXVO0agiRVywxfMsa3cjk+HPmoLnhVSn
MCUActL/LwPv1xAc49bj1mI5l4niR5jXTKpfKPb7S/+niMLb203aSznVuJ/WWk1g
fXqpI6TcDaHc/k2A8KScqiurHKOflKusriKXABaHVE/Pu1xTSLOX1h0NPjHeSKfy
dP9Q9x/AreKQi2TRaPeBN5Yz2TdOw8Iygs7N56hwr0GSdjazw2xC+eCx4Q1lbysN
FAY4Dw0W2VD8fR2SzpsgJ/dzoAIlaF+1aNFa7aaBKHJu16Jh5RMgMYqbRGOwKuAv
9UykOKYTQShXbTJxc2Ham4G8qxmmclFiZtToksB1qBKTQcao1pZmYDxEaaNVV3k5
n0uv9LCHc5cgH9q5zpIbx0yX4KZlHuCXsOGr7n/SNb4jic/st2T5Oj/unkRtuqjr
AfDocOC2EcXM670qPHYw9ZRL2FcR1pW4rKyPV3mzPDgLGLJT0x8=
=oB+7
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: