On Mon, Feb 09, 2026 at 09:35:46PM +0100, Salvatore Bonaccorso wrote: > Control: retitle -1 pdns-recursor: CVE-2026-24027 CVE-2026-0398 > > On Mon, Feb 09, 2026 at 05:41:55PM +0100, Salvatore Bonaccorso wrote: > > Source: pdns-recursor > > Version: 5.3.4-2 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: [email protected], Debian Security Team > > <[email protected]> > > Control: found -1 5.2.7-0+deb13u1 > > > > Hi, > > > > The following vulnerability was published for pdns-recursor. > > > > CVE-2026-24027[0]: > > | Crafted zones can lead to increased incoming network traffic. > > > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] https://security-tracker.debian.org/tracker/CVE-2026-24027 > > https://www.cve.org/CVERecord?id=CVE-2026-24027 > > [1] > > https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html > > Looks that the advisory got an update including a second CVE: > CVE-2026-0398 (or we overlooked the second CVE, this is possible).
I probably was just confused. FWIW, so two CVEs covered in the new usptream version. Regards, Salvatore
