Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a7d47fc by Moritz Muehlenhoff at 2026-06-25T15:18:29+02:00
new pdns-rec issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,50 @@
+CVE-2026-52690
+       - pdns-recursor <unfixed>
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable
+CVE-2026-42387
+       - pdns-recursor <unfixed>
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache
+CVE-2026-42388
+       - pdns-recursor <unfixed>
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones
+CVE-2026-42389
+       - pdns-recursor <unfixed>
+       [trixie] - pdns-recursor <not-affected> (Vulnerable code not present, 
only affects 5.4.x)
+       [bookworm] - pdns-recursor <not-affected> (Vulnerable code not present, 
only affects 5.4.x)
+       [bullseye] - pdns-recursor <not-affected> (Vulnerable code not present, 
only affects 5.4.x)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values
+CVE-2026-42390
+       - pdns-recursor <unfixed>
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed
 CVE-2026-42005
+       - pdns-recursor 5.3.0-1
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        - pdns <unfixed>
        [bookworm] - pdns <end-of-life> (See #1119290)
        [bullseye] - pdns <end-of-life> (see DLA 4471)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42005-unbounded-resource-consumption-in-internal-webserver
+       NOTE: Only affects 5.2.x, marking first 5.3 upload as fixed version
        NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-07.html
        NOTE: 
https://github.com/PowerDNS/pdns/commit/11e4f2da8259e5070e7a193f48d23ade38b71dc0
+CVE-2026-40012
+       - pdns-recursor <unfixed>
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs
+CVE-2026-33612
+       - pdns-recursor <unfixed>
+       [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
+       [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
+       NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache
 CVE-2026-53276 [Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer]
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)


=====================================
data/dsa-needed.txt
=====================================
@@ -67,6 +67,8 @@ pdfminer (carnil)
 --
 pdns (jmm)
 --
+pdns-recursor (jmm)
+--
 perl (carnil)
   Comment from maintainer: I'd prefer to wait until upstream gets the point 
releases out
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a7d47fc0b30aa0ae9a6afc5835aba21afeab48b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a7d47fc0b30aa0ae9a6afc5835aba21afeab48b
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to