Your message dated Mon, 22 Sep 2025 16:19:13 +0000
with message-id <[email protected]>
and subject line Bug#1115643: fixed in dnsdist 2.0.1-1
has caused the Debian Bug report #1115643,
regarding dnsdist: CVE-2025-30187
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1115643: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115643
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dnsdist
Version: 1.9.10-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.0.0-6

Hi,

The following vulnerability was published for dnsdist.

CVE-2025-30187[0]:
| In some circumstances, when DNSdist is configured to use the nghttp2
| library to process incoming DNS over HTTPS queries, an attacker
| might be able to cause a denial of service by crafting a DoH
| exchange that triggers an unbounded I/O read loop, causing an
| unexpected consumption of CPU resources.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30187
    https://www.cve.org/CVERecord?id=CVE-2025-30187
[1] https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
[2] https://www.openwall.com/lists/oss-security/2025/09/18/1

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dnsdist
Source-Version: 2.0.1-1
Done: Chris Hofstaedtler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dnsdist, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated dnsdist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Sep 2025 17:35:43 +0200
Source: dnsdist
Architecture: source
Version: 2.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: dnsdist packagers <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1115643
Changes:
 dnsdist (2.0.1-1) unstable; urgency=medium
 .
   * New upstream version 2.0.1, includes fix for CVE-2025-30187
     Closes: #1115643
   * Drop upstream-applied patch

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
