Bug#993796: bullseye-pu: package knot-resolver/5.3.1-1
- To: Jakub Ružička <jakub.ruzicka@nic.cz>, 993796@bugs.debian.org
- Subject: Bug#993796: bullseye-pu: package knot-resolver/5.3.1-1
- From: Julien Cristau <jcristau@debian.org>
- Date: Fri, 3 Dec 2021 16:59:03 +0100
- Message-id: <Yao+x/9+aPkfJCob@jcristau-z4>
- Reply-to: Julien Cristau <jcristau@debian.org>, 993796@bugs.debian.org
- In-reply-to: <163094527572.22557.5160174299045977726.reportbug@bullseye>
- References: <163094527572.22557.5160174299045977726.reportbug@bullseye> <163094527572.22557.5160174299045977726.reportbug@bullseye>
Control: tag -1 confirmed
On Mon, Sep 06, 2021 at 04:21:15PM +0000, Jakub Ružička wrote:
> [ Reason ]
> Fixing bug #991463 (CVE-2021-40083) - potential DoS.
>
> [ Impact ]
> Vulnerability to DoS attack.
>
> [ Tests ]
> I've tested the fix manually by running the deckard (DNS test harness)
> test sets/resolver/val_iter_high.rpl supplied with the upstream fix.
>
> It's not trivial to setup system for deckard so I've used upstream
> Debian bullseye docker image from Knot CI:
>
> docker run -it --privileged registry.nic.cz/knot/knot-resolver/ci/debian-11:knot-3.0
>
> With current knot-resolver-5.3.1-1 the test failed.
> With suggested knot-resolver-5.3.1-1+deb11u1 the test passed.
>
> [ Risks ]
> This is a simple backport of upstream fix.
>
> Upstream tests run during package build so chances of something
> breaking are small.
>
> [ Checklist ]
> [*] *all* changes are documented in the d/changelog
> [*] I reviewed all changes and I approve them
> [*] attach debdiff against the package in (old)stable
> [*] the issue is verified as fixed in unstable
>
Feel free to go ahead and upload, thank you.
Cheers,
Julien
Reply to: