Bug#891801: stretch-pu: package unbound/1.6.0-3+deb9u2
Control: tags -1 - moreinfo
On Fri, Mar 02, 2018 at 05:49:52PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Wed, 2018-02-28 at 17:47 -0500, Robert Edmonds wrote:
> > I would like to fix a DNSSEC validation bug (CVE-2017-15105) in the
> > unbound package shipped in stretch. After discussion with the
> > security
> > team, this bug was deemed minor enough that the fix could be shipped
> > in
> > a point release:
> >
> > https://security-tracker.debian.org/tracker/CVE-2017-15105
> >
>
> According to the above Security Tracker entry, this issue has not yet
> been fixed in unstable. Assuming that's correct, I'm afraid that's a
> blocker for looking at an update in stable.
This happened later on with the 1.7.1-1 upload.
Regards,
Salvatore
Reply to: