Your message dated Thu, 15 Feb 2024 10:02:40 +0000
with message-id <e1rayzk-009ixw...@fasolo.debian.org>
and subject line Bug#1063845: fixed in unbound 1.13.1-1+deb11u2
has caused the Debian Bug report #1063845,
regarding unbound: Package 1.19.1 to fix CVE-2023-50387 and CVE-2023-50868
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1063845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: unbound
Version: 1.18.0-2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Today 2 remotely exploitable High Severity CVEs were published and unbound has released version 1.19.1 to fix those.

Relevant links:
https://fosstodon.org/@nlnetlabs/111924266007688683
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868

I think a Release Critical Severity is more appropriate, but none of the (by reportbug) presented options were applicable. It seems reportbug then changed it to 'normal', which I manually changed to 'important'.

Fixing this bug would also fix bugs #1051817, #1051818 and #1056631.

Link: https://bugs.debian.org/1051817
Link: https://bugs.debian.org/1051818
Link: https://bugs.debian.org/1056631

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: unbound
Source-Version: 1.13.1-1+deb11u2
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of unbound, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1063...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated unbound package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Tue, 13 Feb 2024 21:15:34 +0100
Source: unbound
Architecture: source
Version: 1.13.1-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: unbound packagers <unbo...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1063845
Changes:
 unbound (1.13.1-1+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address DNSSEC protocol vulnerabilities (Closes: #1063845)
     - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
       exhaust CPU resources and stall DNS resolvers.
     - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
--- End Message ---