Bug#599515: marked as done (bind9: CVE-2010-3752)

Fri, 08 Oct 2010 03:51:25 -0700 

Your message dated Fri, 8 Oct 2010 04:48:15 -0600
with message-id <[email protected]>
and subject line Re: Bug#599515: bind9: CVE-2010-3752
has caused the Debian Bug report #599515,
regarding bind9: CVE-2010-3752
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
599515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599515
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: bind9
Severity: grave
Tags: security
Justification: user security hole

Two security issues have been reported in Bind:
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

   * If BIND, acting as a DNSSEC validating server, has two or more
     trust anchors configured in named.conf for the same zone (such as
     example.com) and the response for a record in that zone from the
     authoritative server includes a bad signature, the validating
     server will crash while trying to validate that query.
-> This is CVE-2010-3762

    * A flaw where the wrong ACL was applied was fixed. This flaw
      allowed access to a cache via recursion even though the ACL
      disallowed it.
-> No CVE ID is available so far, but this issue only affects 9.7.2,
so Squeeze/sid is not affected:
https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html

Cheers,
        Moritz

-- System Information:
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---
--- Begin Message --- 
On Fri, Oct 08, 2010 at 12:30:03PM +0200, Moritz Muehlenhoff wrote:
> Package: bind9
> Severity: grave
> Tags: security
> Justification: user security hole
> Two security issues have been reported in Bind:
> http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
> -> No CVE ID is available so far, but this issue only affects 9.7.2,
> so Squeeze/sid is not affected:

Nor will it affect Debian, since I won't be uploading the affected version.

lamont

--- End Message ---

Reply via email to