Your message dated Wed, 23 Aug 2017 20:47:14 +0000
with message-id <[email protected]>
and subject line Bug#872854: fixed in dnsdist 1.1.0-2+deb9u1
has caused the Debian Bug report #872854,
regarding dnsdist: CVE-2016-7069 CVE-2017-7557
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
872854: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872854
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dnsdist
Version: 1.1.0-2
Severity: important
Tags: security patch upstream
Hi,
the following vulnerabilities were published for dnsdist, not filing
two bugs individually since 1.1.0 is common for all affected suites.
CVE-2016-7069[0]:
Crafted backend responses can cause a denial of service
CVE-2017-7557[1]:
Alteration of ACLs via API authentication bypass
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7069
[1] https://security-tracker.debian.org/tracker/CVE-2017-7557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7557
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dnsdist
Source-Version: 1.1.0-2+deb9u1
We believe that the bug you reported is fixed in the latest version of
dnsdist, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hofstaedtler <[email protected]> (supplier of updated dnsdist package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 22 Aug 2017 13:58:05 +0000
Source: dnsdist
Binary: dnsdist
Architecture: source
Version: 1.1.0-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian DNS Packaging <[email protected]>
Changed-By: Christian Hofstaedtler <[email protected]>
Description:
 dnsdist - DNS loadbalancer
Closes: 872854
Changes:
 dnsdist (1.1.0-2+deb9u1) stretch; urgency=medium
 .
   * Fix CVE-2016-7069, CVE-2017-7557 using patches from upstream
     (Closes: #872854)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---