Your message dated Sun, 22 Jan 2023 09:09:59 +0100
with message-id <Y8zvV/[email protected]>
and subject line [[email protected]: Accepted pdns-recursor 4.8.1-1 (source) into unstable]
has caused the Debian Bug report #1029367,
regarding pdns-recursor: CVE-2023-22617
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1029367: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029367
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pdns-recursor
Version: 4.8.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for pdns-recursor.

CVE-2023-22617[0]:
| A remote attacker might be able to cause infinite recursion in
| PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for
| a misconfigured domain, because QName minimization is used in QM
| fallback mode. This is fixed in 4.8.1.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22617
    https://www.cve.org/CVERecord?id=CVE-2023-22617
[1] https://www.openwall.com/lists/oss-security/2023/01/20/1
[2] https://downloads.powerdns.com/patches/2023-01/
[3] https://github.com/PowerDNS/pdns/pull/12442

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pdns-recursor
Source-Version: 4.8.1-1

----- Forwarded message from Debian FTP Masters <[email protected]> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Jan 2023 14:46:48 +0000
Source: pdns-recursor
Architecture: source
Version: 4.8.1-1
Distribution: unstable
Urgency: medium
Maintainer: pdns-recursor packagers <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Changes:
 pdns-recursor (4.8.1-1) unstable; urgency=medium
 .
   * New upstream version 4.8.1
     Fixes CVE-2023-22617

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---
