Bug#699552: pu: package maradns/1.4.03-1.1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Dear RMs,
Please accept this stable upload to fix #665012
(CVE-2012-1570: maradns deleted domain record cache persistance flaw). It is
an NMU as part of the PRSC effort.
The patch comes from upstream and is a direct copy of the original fix in
unstable.
maradns-1.4.03/debian/changelog | 8 ++++++++
server/recursive.c | 8 ++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
Thanks.
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u maradns-1.4.03/debian/changelog maradns-1.4.03/debian/changelog
--- maradns-1.4.03/debian/changelog
+++ maradns-1.4.03/debian/changelog
@@ -1,3 +1,11 @@
+maradns (1.4.03-1.1+squeeze1) stable; urgency=low
+
+ * Non-maintainer upload.
+ * Backport fix from upstream for CVE-2012-1570 (deleted domain record
+ cache persistence flaw). Closes: #665012
+
+ -- Jonathan Wiltshire <jmw@debian.org> Fri, 01 Feb 2013 16:31:00 +0000
+
maradns (1.4.03-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team
only in patch2:
unchanged:
--- maradns-1.4.03.orig/server/recursive.c
+++ maradns-1.4.03/server/recursive.c
@@ -1370,6 +1370,10 @@
ttl = js_readuint32(server_reply,offset);
if(ttl == JS_ERROR)
return JS_ERROR;
+ if(ttl < 20)
+ ttl = 20;
+ if(ttl > 86400) /* One day; Ghost domain fix */
+ ttl = 86400;
offset += 4;
/* Get the rdlength of the SOA record */
rdlength = js_readuint16(server_reply,offset);
@@ -2019,8 +2023,8 @@
problems that Franky reported */
if(ttl < 20)
ttl = 20;
- if(ttl > 63072000) /* Two years */
- ttl = 63072000;
+ if(ttl > 86400) /* One day; Ghost domain fix */
+ ttl = 86400;
/* If this is a CNAME answer then we don't store it for over
* 15 minutes */
if(ttl > 900 && cname_original_record != 0)
Reply to: