Your message dated Thu, 24 Jul 2025 09:04:23 +0000
with message-id <[email protected]>
and subject line Bug#1109808: fixed in pdns-recursor 5.2.4-1
has caused the Debian Bug report #1109808,
regarding pdns-recursor: CVE-2025-30192
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109808
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pdns-recursor
Version: 5.2.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 5.2.2-1
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2025-30192[0]:
| An attacker spoofing answers to ECS enabled requests sent out by the
| Recursor has a chance of success higher than non-ECS enabled
| queries. The updated version include various mitigations against
| spoofing attempts of ECS enabled queries by chaining ECS enabled
| requests and enforcing stricter validation of the received answers.
| The most strict mitigation done when the new setting
| outgoing.edns_subnet_harden (old style name edns-subnet-harden) is
| enabled.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-30192
https://www.cve.org/CVERecord?id=CVE-2025-30192
[1]
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pdns-recursor
Source-Version: 5.2.4-1
Done: Chris Hofstaedtler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pdns-recursor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated pdns-recursor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Jul 2025 10:18:06 +0200
Source: pdns-recursor
Architecture: source
Version: 5.2.4-1
Distribution: experimental
Urgency: medium
Maintainer: pdns-recursor packagers <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1109808
Changes:
pdns-recursor (5.2.4-1) experimental; urgency=medium
.
* New upstream version 5.2.4, fixing CVE-2025-30192.
(Closes: #1109808)
* Upload to experimental.
Checksums-Sha1:
870a3156f93a1bb4030b267b1aceaea1aaf1a353 2776 pdns-recursor_5.2.4-1.dsc
d8a261f750069f56a41d7f1c5de0b7f22d9f5228 1726272
pdns-recursor_5.2.4.orig.tar.bz2
052f906127a12c8dc02a8c991705c0fa3796094e 16628
pdns-recursor_5.2.4-1.debian.tar.xz
432bde93a3c90410fbc4f7fddd7425c38fef9098 14767
pdns-recursor_5.2.4-1_arm64.buildinfo
Checksums-Sha256:
960e89d92352656106f2fa6a65d43667d308fe01e1097fb05a05370f3c11fb60 2776
pdns-recursor_5.2.4-1.dsc
d28731b5560ca4389f566c281f40f96ca397183b1d73521ff0d5980dcb01a190 1726272
pdns-recursor_5.2.4.orig.tar.bz2
037a073fbd1f8bae8f3342f4f7e84b069898186a3e55dad7b68bf5de5261212e 16628
pdns-recursor_5.2.4-1.debian.tar.xz
ebc9ac7cbcf27ac6d904a40acd68bfcc774f4c341cae67fe79c136281b0eb219 14767
pdns-recursor_5.2.4-1_arm64.buildinfo
Files:
875d5f9db4a91a11ae4c16594042b84c 2776 net optional pdns-recursor_5.2.4-1.dsc
3230d6ee006d5d350607abf5d8c97c60 1726272 net optional
pdns-recursor_5.2.4.orig.tar.bz2
3ce049f95c0a79c840411d76c214b21a 16628 net optional
pdns-recursor_5.2.4-1.debian.tar.xz
ac3716a4cbec28b5d1929c46ef2542ba 14767 net optional
pdns-recursor_5.2.4-1_arm64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmiB9IgACgkQXBPW25MF
LgN73hAAjLHP4TXatcvX9mkkuvSJxlBhw5xCsrCi5GAK++jn9obuH24JGT6hEj1X
RcRg9r/zk8k8TUaXzpbWhkjV/JnjQ3TFok4P/NeMoRpe27lJSxxNCOOhUXkLSZPF
3zi6fIuvbKDw1OfIFASnJ1v4Qa6dtFkQPg7vwmHkiKnO+T2kupTEe2ajWeh2ymcO
tYgATqHLk7lrHWbVCHq6/kl1vjK/XuvkIbKqFr6JV2TLTVnLVzg7s5a/9cBYQlDC
WUuuEkDav4UKJqzZ2cs8S3EdYb447Y9DM0SCqTtkm0KEjLftqwb2TaShAEGaCg1H
1KlhpmEykw5vP76ATRGC0yEwok+JV/A10CHxwqIX7WeXCVECpEkApDGNUJa74Q9v
9MsLcGX/lPqkO6Kta7fjcjS8e+5hgck279ey3Cm0rXmwRzBba/CmLAkzsa+QDlKa
ZT3fY7FCedMF/FwEBxhygoNFDK/ZWQX1pyTAoNEesnW5COdVintjssNL/KuM/1OA
3hIzRnQLXlslf1W4u+qIsGcfoQs0hvGNjCDME6yqRMjaN0Gv0pM6xo/3OXa/DBQu
PWkeLTYJHYswZWOyB4zHC0hrlBEXph0LKgMsDOCQlbYj87mgR8y64FOJdX2XaqU9
IXgIXEfISQwhr+1UapIfjliqSrAlDU/AOQouLeZW+FG8sznkQ+U=
=1yoG
-----END PGP SIGNATURE-----
pgpj45f1L1vYN.pgp
Description: PGP signature
--- End Message ---
