Your message dated Thu, 15 Feb 2024 10:02:40 +0000
with message-id <e1rayzk-009ixw...@fasolo.debian.org>
and subject line Bug#1063845: fixed in unbound 1.13.1-1+deb11u2
has caused the Debian Bug report #1063845,
regarding unbound: Package 1.19.1 to fix CVE-2023-50387 and CVE-2023-50868
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1063845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: unbound
Version: 1.18.0-2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Today 2 remotely exploitable High Severity CVEs were published and
unbound has released version 1.19.1 to fix those.

Relevant links:
https://fosstodon.org/@nlnetlabs/111924266007688683
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868

I think a Release Critical Severity is more appropriate, but none of
the (by reportbug) presented options were applicable. It seems reportbug
then changed it to 'normal', which I manually changed to 'important'.

Fixing this bug would also fix bugs #1051817, #1051818 and #1056631.

Link: https://bugs.debian.org/1051817
Link: https://bugs.debian.org/1051818
Link: https://bugs.debian.org/1056631

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


--- End Message ---
--- Begin Message ---
Source: unbound
Source-Version: 1.13.1-1+deb11u2
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
unbound, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1063...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated unbound package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Feb 2024 21:15:34 +0100
Source: unbound
Architecture: source
Version: 1.13.1-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: unbound packagers <unbo...@packages.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1063845
Changes:
 unbound (1.13.1-1+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address DNSSEC protocol vulnerabilities (Closes: #1063845)
     - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to
       exhaust CPU resources and stall DNS resolvers.
     - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.


--- End Message ---
