Hi,

I'm the reporter of the bug at https://github.com/systemd/systemd/issues/25676. I'm sorry that I have to add to the bug at this time.

The commit[0] that was determined to have introduced this vulnerability is incorrect. Looking at the relevant diff[1] the commit merely introduced the use of the `FLAGS_SET` macro, but did not change the flag being read from the incorrect variable `t`. In the fix[2] this was changed to `dt`.

Note that the vulnerability has been previously reported[3] in March 2020 on systemd v243+v244. Hence systemd v248 is definitely not the first version introducing the vulnerable code.

In fact, I have reproduced the issue right now on both Debian buster (10.13) with systemd 241-7~deb10u10 and Debian bullseye (11.8) with systemd 247.3-7+deb11u4.

I assume the vulnerability was introduced with the initial version[4] of the `dns_transaction_requires_rrsig` function, which already read the flag from `t`. This would have been in systemd v229, but I did not test any version older than v241.

I would add this information to the GitHub issue, but it has been locked. Perhaps a systemd contributor could relay this update, so that the misleading information does not spread.

Regards,
Jan Erik Petersen

[0] https://github.com/systemd/systemd/commit/6f055e43b817b66e6d4f6e4022f0a115dc35651b
[1] https://github.com/systemd/systemd/commit/6f055e43b817b66e6d4f6e4022f0a115dc35651b#diff-d63d6fd38d6a715e4ca052fc0fb65eda859f3822dbddffa4a87a3ee872e25eafL2621
[2] https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
[3] https://github.com/systemd/systemd/issues/15158
[4] https://github.com/systemd/systemd/commit/105e151299dc1208855380be2b22d0db2d66ebc6
