Salvatore Bonaccorso <carnil@debian.org> (2017-05-14): > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: unblock > > Hi > > Please unblock package bind9 > > The upload fixes three issues: > > +bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high > + > + * Non-maintainer upload. > + * Dns64 with "break-dnssec yes;" can result in a assertion failure > + (CVE-2017-3136) (Closes: #860224) > + * Some chaining (CNAME or DNAME) responses to upstream queries could trigger > + assertion failures (CVE-2017-3137) (Closes: #860225) > + * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138) > + (Closes: #860226) > + > + -- Salvatore Bonaccorso <carnil@debian.org> Sun, 07 May 2017 15:22:46 +0200 > > of which CVE-2017-3137 should be considered RC (and filled as such), > the other two are minor, but were included as well in the stable > update released as DSA-3854-1. > > unblock bind9/1:9.10.3.dfsg.P4-12.3 > > Attached is the full debdiff agains the current version in testing. As usual, no objections since bind9 udebs are only used on non-Linux architectures. KiBi.
Attachment:
signature.asc
Description: Digital signature