Univention Bugzilla – Bug 56345
bind9: Multiple issues (5.0)
Last modified: 2023-07-26 14:55:45 CEST
New Debian bind9 1:9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136 fixes: This update addresses the following issue: 1:9.11.5.P4+dfsg-5.1+deb10u9 (Fri, 07 Jul 2023 17:14:33 +0100) * Non-maintainer upload by the Debian LTS Team. * CVE-2023-2828: It was discovered that the effectiveness of the cache-cleaning algorithm used in named(5) can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded. * Add debian/.gitlab-ci.yml * Allow blhc failures; "CPPFLAGS missing", etc. * Backport a1dbd6d68 and ef4eef07f4 from bind9.git to make autopkgtests pass.
--- mirror/ftp/pool/main/b/bind9/bind9_9.11.5.P4+dfsg-5.1+deb10u8A~5.0.2.202210101801.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/bind9_9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136.dsc @@ -1,23 +1,34 @@ -1:9.11.5.P4+dfsg-5.1+deb10u8A~5.0.2.202210101801 [Mon, 10 Oct 2022 18:01:53 +0200] Univention builddaemon <buildd@univention.de>: +1:9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136 [Mon, 24 Jul 2023 11:36:44 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package - 0001-Bug-22478-build-bind-with-libdb4.8 - 0002-Bug-51417-Do-not-fail-on-service-start - 0004-Bug-41714-Add-LDAP-support - 0004-Bug-41714-Add-LDAP-support - 0005-Bug-41714-conditional-compiler-error - 0006-Bug-41714-Adapt-to-new-APIs - 0007-Bug-41714-Fix-illegal-return-value - 0008-Bug-41714-Clone-URL - 0009-Bug-41714-Check-for-allocation-error - 0010-Bug-41714-Replace-deprecated-libldap-API - 0011-Bug-41714-rename-errno-to-rc - 0012-Bug-41714-Retry-search-in-case-of-closed-connections - 0013-Bug-28748-Default-LDAP-timeout-60s - 0014-Bug-42389-Fix-crash-on-shutdown - 0016-Bug-46526-Fix-memory-leak - 0017-Bug-51786-fix-apparmor-profile - 0018-Bug-55163-fix-resolver-priming-query + 0001-Bug-22478-build-bind-with-libdb4.8.patch + 0002-Bug-51417-Do-not-fail-on-service-start.patch + 0004-Bug-41714-Add-LDAP-support.patch + 0004-Bug-41714-Add-LDAP-support.quilt + 0005-Bug-41714-conditional-compiler-error.quilt + 0006-Bug-41714-Adapt-to-new-APIs.quilt + 0007-Bug-41714-Fix-illegal-return-value.quilt + 0008-Bug-41714-Clone-URL.quilt + 0009-Bug-41714-Check-for-allocation-error.quilt + 0010-Bug-41714-Replace-deprecated-libldap-API.quilt + 0011-Bug-41714-rename-errno-to-rc.quilt + 0012-Bug-41714-Retry-search-in-case-of-closed-connections.quilt + 0013-Bug-28748-Default-LDAP-timeout-60s.quilt + 0014-Bug-42389-Fix-crash-on-shutdown.quilt + 0016-Bug-46526-Fix-memory-leak.quilt + 0017-Bug-51786-fix-apparmor-profile.patch + 0018-Bug-55163-fix-resolver-priming-query.quilt + +1:9.11.5.P4+dfsg-5.1+deb10u9 [Fri, 07 Jul 2023 17:14:33 +0100] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * CVE-2023-2828: It was discovered that the effectiveness of the + cache-cleaning algorithm used in named(5) can be severely diminished by + querying the resolver for specific RRsets in a certain order, effectively + allowing the configured max-cache-size limit to be significantly exceeded. + * Add debian/.gitlab-ci.yml + * Allow blhc failures; "CPPFLAGS missing", etc. + * Backport a1dbd6d68 and ef4eef07f4 from bind9.git to make autopkgtests pass. 1:9.11.5.P4+dfsg-5.1+deb10u8 [Wed, 05 Oct 2022 11:07:30 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: <http://piuparts.knut.univention.de/5.0-4/#6476409876258254088>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-4] f6c639fef1 Bug #56345: bind9 1:9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136 doc/errata/staging/bind9.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) [5.0-4] be9c2b65bd Bug #56345: bind9 1:9.11.5.P4+dfsg-5.1+deb10u9A~5.0.4.202307241136 doc/errata/staging/bind9.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x751>