Your message dated Sun, 22 Jan 2017 07:33:33 +0000 with message-id <e1cvceb-0003px...@fasolo.debian.org> and subject line Bug#842858: fixed in bind9 1:9.10.3.dfsg.P4-11 has caused the Debian Bug report #842858, regarding bind9: CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 842858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bind9 Version: 1:9.9.5.dfsg-9 Severity: grave Tags: security upstream Hi, the following vulnerability was published for bind9. CVE-2016-8864[0]: |A problem handling responses containing a DNAME answer can lead to an |assertion failure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8864 [1] https://kb.isc.org/article/AA-01434 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bind9 Source-Version: 1:9.10.3.dfsg.P4-11 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 842...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilb...@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 Jan 2017 04:03:28 +0000 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export162 libdns-export162-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb Architecture: source Version: 1:9.10.3.dfsg.P4-11 Distribution: unstable Urgency: medium Maintainer: LaMont Jones <lam...@debian.org> Changed-By: Michael Gilbert <mgilb...@debian.org> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-140 - BIND9 Shared Library used by BIND libdns-export162 - Exported DNS Shared Library libdns-export162-udeb - Exported DNS library for debian-installer (udeb) libdns162 - DNS Shared Library used by BIND libirs-export141 - Exported IRS Shared Library libirs-export141-udeb - Exported IRS library for debian-installer (udeb) libirs141 - DNS Shared Library used by BIND libisc-export160 - Exported ISC Shared Library libisc-export160-udeb - Exported ISC library for debian-installer (udeb) libisc160 - ISC Shared Library used by BIND libisccc-export140 - Command Channel Library used by BIND libisccc-export140-udeb - Command Channel Library used by BIND (udeb) libisccc140 - Command Channel Library used by BIND libisccfg-export140 - Exported ISC CFG Shared Library libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg140 - Config File Handling Library used by BIND liblwres141 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 828082 831796 839010 842858 848519 851062 851063 851065 Changes: bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium . * Fix some lintian warnings. * Add lsb-base dependency to lwresd (closes: #848519). * Fix CVE-2016-2775: crash in lwresd due to a long query name (closes: #831796). * Fix CVE-2016-2776: maliciously crafted query can cause named to crash (closes: #839010). * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause named to crash (closes: #842858). * Fix CVE-2016-9131: maliciously crafted response to an ANY query can cause named to crash (closes: #851065). * Fix CVE-2016-9147: query with contradictory DNSSEC information can cause named to crash (closes: #851063). * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS) record can cause named to crash (closes: #851062). * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now (closes: #828082). . [ LaMont Jones ] * Update VCS fields in control. * -DDIG_SIGCHASE got dropped by the change in hardening. . [ Stefan Bader ] * Use the defaults file in systemd. Checksums-Sha1: ab07401804633455b7306f1e1339ba5ea4fd3e49 4445 bind9_9.10.3.dfsg.P4-11.dsc 4b7a849cd74c4fe16a10086c5bf20851f1929e2f 72400 bind9_9.10.3.dfsg.P4-11.debian.tar.xz Checksums-Sha256: 1b88dbe9dadc24cc929cd918a800d5d459f46cac6cbdb4d27e4d79c04ab04cec 4445 bind9_9.10.3.dfsg.P4-11.dsc 057d64b8e6c6461186cba1aaae20ffe48d38642d2dedd08973055051e2cd823c 72400 bind9_9.10.3.dfsg.P4-11.debian.tar.xz Files: f46552b04e1d0f460ca47311eb7630f7 4445 net optional bind9_9.10.3.dfsg.P4-11.dsc 8922bc6f78cac01f0eb01bff879e5bac 72400 net optional bind9_9.10.3.dfsg.P4-11.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAliEXHQACgkQuNayzQLW 9HNQ8yAAgoz2iojLTstzL0j6cV5SYchsP4kgrMRzYmtZNo6B08g0gQYvtW8DTZqK fELXm7owiA2Becw5fup28bMHWh/LtscPRlZtLp+43RoiulLSpFideGbvMAgbUMWc +okm5x842vZ36SQvPUA3T163dLL4DzIOWQI41aJC2B0+0oScghJhmRwpQQNXuup5 ZHbgR7nHn1aex37gLsckuHrqRbZ8U9FmF/vZIzKr8zqR5Uga8S1BneTQpkW8HBv3 8AMCmgxeKk7PY0lrBiEAfEL+r39x/vP0DIP6huJ/QaIpH7S/WbK7xXx2AsZG2p+h fuSppUMxfcb07cBNB+zJ+QII+S9I2eNJFFqe+qH8eSkh3DdXoe8EmXnLf7FF/Cew 2NfGHzfz/2WQPkdkkO0Z+m+BrGNeqM9nD2m16StV6wK4/7u8Mwi/d4eJ+0hJ7D7S SafFK83IZbgJoHg5xyqHOM9j8q0VL52/As+VLtbUd5qaF3B8sgzrITp/Dkn2ZYvW VkAsGyuN8l+VQktNIP6h1AsW5UzHTv/o7O55hjzydJDGYL1ROt17ewB9RetnvTDi 9r6SwtRnxIyawR1+23z3VwwU3iPahKaBJKDUf1fclPXdYibNPS9Oqon1I1FtrNzI d5iYEs9R31aaBpDdqgiUBotZCeMgAU+s9O552cVMVPyaTnyY8eeFZePyOQAgWV+2 siLPGqlX7HTcASAxvmi5XRWvNwwPPs21RG3LPNv7QNDYZ8ZaNIwv5UtMi78nz/jF YTJotTcOYaAzp9P/AOhl7HuCQkj8leyq7D3/aZS3CoyNsrE++9j8n4PfpleiOYVp c9KlDTYevKTCFtr8Y2swOLheqJpswuAxVWT68bx2JAUSRI5lBmF83Qn+dHr7ckCi zLsNVv/+21hC6iGOL39jcOrRDx7VMTAWdv8dMeaiOW9jINmFBQDp10awM2KpTs7m SEnbpuQ0wHzHEHyNQCLYBaQe6C/pGNZh6rDEu8JxMbux6xQkzTZ136BZYwiBSWqD ++PXlwbeSx/2DaUhjIDgWprWgm9ywNLw0aBjP0V6u5tzu1rOsQ0oiQyxUyzOFo7t tP3f0bWxn8AvNFZIxdtFEFIQrJIl2TTPM1SRX4Msq5ZVuxAJkuF+hlOjhmV1QEE1 vqeii45CpEUmzE0bbi/K1MhHBC8aVUWwMmwEu9omr9OH4niXqLoelGhn5juXH0fk us40Z8qWtYTDcdkvWR+3aaes7nowR7IgEKBNSbs8YfOLh3719nwi0AyxavYiOUhY 4ACFkLFIOI9Pa958YaBpdpyYqXNJ5NLGHad4nQRmeEB07y5Ru/yg021V/8bH8K+2 eSB/q3fpOMqfcAA6KDbAodocv0NK/g== =f9Oz -----END PGP SIGNATURE-----
--- End Message ---
