Control: tags -1 minor On Fri, 22 Dec 2023 13:09:50 +0100 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <j...@inutil.org> wrote: > Source: systemd > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for systemd. > > CVE-2023-7008[0]: > Unsigned name response in signed zone is not refused when DNSSEC=yes > > https://bugzilla.redhat.com/show_bug.cgi?id=2222672 > https://github.com/systemd/systemd/issues/25676 > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2023-7008 > https://www.cve.org/CVERecord?id=CVE-2023-7008 > > Please adjust the affected versions in the BTS as needed.
This is minor at best, as we don't ship this as enabled anywhere, it's disabled by default. The CVE was also raised behind our backs, with no engagement whatsoever, so there is some glaring and major process problem that I am trying to get to the bottom of. -- Kind regards, Luca Boccassi
