Package: pdns-tools Severity: important Hi,
a local denial of service has been found and fixed in dnsreplay. As it's local only and one shouldn't really parse untrusted file with it anyway, I don't think it warrants a DSA (but I guess an isolated fix could qualify for a stable upload). When you fix this for unstable and close this bug, please mention the CVE number is the changelog. More information can be found here https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html and the fix is available here: https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8 Regards, -- Yves-Alexis -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pdns-tools depends on: ii libboost-program-options1.62.0 1.62.0+dfsg-5+b1 ii libc6 2.27-3 ii libgcc1 1:8.1.0-1 ii libssl1.1 1.1.0h-2 ii libstdc++6 8.1.0-1 pdns-tools recommends no packages. pdns-tools suggests no packages.
