Hi Salvatore, the common agreement between DNS Vendors (that includes me) is that this shouldn't have been assigned CVE as it is an operational issue as you have an established trust between DNS master-slave for transfers. (And all DNS servers are affected.)
I don't think this really needs update in stable, but I would like to hear whether you think otherwise. Cheers, -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Potřeby pro pečení chleba všeho druhu On Mon, Jul 11, 2016, at 20:30, Salvatore Bonaccorso wrote: > Source: nsd > Version: 4.1.10-1 > Severity: important > Tags: security upstream patch > Forwarded: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 > > Hi, > > the following vulnerability was published for nsd. > > CVE-2016-6173[0]: > Improper restriction of zone size limit > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2016-6173 > [1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > > -- System Information: > Debian Release: stretch/sid > APT prefers unstable > APT policy: (500, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > _______________________________________________ > pkg-dns-devel mailing list > pkg-dns-de...@lists.alioth.debian.org > https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel