[Bug 1773720] Re: CVE-2017-15105

2018-06-07 Thread Launchpad Bug Tracker
This bug was fixed in the package unbound - 1.6.7-1ubuntu2.1

---
unbound (1.6.7-1ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105

 -- Simon Deziel   Mon, 28 May 2018 02:38:19 +

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773720

Title:
  CVE-2017-15105

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773720] Re: CVE-2017-15105

2018-06-07 Thread Launchpad Bug Tracker
This bug was fixed in the package unbound - 1.5.8-1ubuntu1.1

---
unbound (1.5.8-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105
  * Fix install of trust anchor when two anchors are present
    - debian/patches/unbound-r4302.patch

 -- Simon Deziel   Mon, 28 May 2018 02:38:19 +

** Changed in: unbound (Ubuntu Xenial)
   Status: New => Fix Released

** Changed in: unbound (Ubuntu Artful)
   Status: New => Fix Released

[Bug 1773720] Re: CVE-2017-15105

2018-06-07 Thread Launchpad Bug Tracker
This bug was fixed in the package unbound - 1.6.5-1ubuntu0.2

---
unbound (1.6.5-1ubuntu0.2) artful-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105

 -- Simon Deziel   Mon, 28 May 2018 02:38:19 +

** Changed in: unbound (Ubuntu Bionic)
   Status: New => Fix Released

[Bug 1773720] Re: CVE-2017-15105

2018-06-01 Thread  Christian Ehrhardt 
This bug was fixed in the package unbound - 1.7.1-1

---
unbound (1.7.1-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * debian/control: Update Vcs-* links to use salsa.debian.org URLs
  * New upstream version 1.7.1

  [ Simon Deziel ]
  * debian/apparmor-profile: Add capabilities to chown/chmod Unix control
    socket (Closes: #891705)
  * debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups
  * debian/apparmor-profile: Permit unbound to notify readiness to systemd
    (Closes: #867186)
  * debian/apparmor-profile: Let unbound r/w anywhere under
    /var/lib/unbound (Closes: #882731)
  * debian/apparmor-profile: Use attach_disconnected

 -- Robert Edmonds   Wed, 23 May 2018 15:41:54 -0400

** Changed in: unbound (Ubuntu)
   Status: In Progress => Fix Released

[Bug 1773720] Re: CVE-2017-15105

2018-06-01 Thread  Christian Ehrhardt 
Migrated successfully, and done for Cosmic

** Also affects: unbound (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: unbound (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: unbound (Ubuntu Artful)
   Importance: Undecided
   Status: New

[Bug 1773720] Re: CVE-2017-15105

2018-05-31 Thread  Christian Ehrhardt 
Hi Simon,
I agree that all Delta we currently carry is picked by Debian.
Therefore making this a sync in Cosmic now [1].
It just started to build, let's see if there are any hiccups on migration.

[1]: https://launchpad.net/ubuntu/+source/unbound/1.7.1-1

[Bug 1773720] Re: CVE-2017-15105

2018-05-31 Thread Simon Déziel
@sbeattie, thanks for fixing the bionic and artful packages and sorry
for the bad debdiffs. They built (and tested) fine locally, probably
missing the patch as you highlighted though.

I tested the bionic and artful builds from the ubuntu-security-proposed
ppa and they work fine, thanks! I'll be looking into the backport for
xenial but it would be nice if the bionic/artful builds are not gated by
this.

[Bug 1773720] Re: CVE-2017-15105

2018-05-31 Thread Steve Beattie
Hi Simon,

So I hit a few issues with the debdiffs:

 - the patch taken from upstream is in patch -p0 format so quilt push would
   fail; attempting to adjust the quilt series file to use -p0 (I think, may have
   conflated with the following issue) failed during the package build.
 - the unbound package has a debian-changes.patch in its series, which is a
   catch-all patch that accumulates changes; with the added patch in the series
   file after that, pushing the patch then building the source resulted in
   duplicated changes trying to be applied.
 - for xenial, the upstream patch fails to apply and needs backporting.

I addressed the first two issues for bionic and artful, and have
uploaded to the ubuntu-security-proposed ppa for testing. The patch for
xenial needs backporting, and please ensure that proposed fixes build
successfully, either locally or in a ppa. Thanks!


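The `-p0` problem described in the message above can be avoided by rewriting the patch's file headers to the `a/` and `b/` form that applies with `-p1`. The following is an added example, not part of the thread or of the Ubuntu packaging; the function name and the sample patch (including the path `src/example.c`) are constructed for illustration.

```python
import re

# Hunk header: "@@ -start[,count] +start[,count] @@"; a missing count means 1.
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def p0_to_p1(patch_text):
    """Prefix a/ and b/ on the file headers of a -p0 unified diff."""
    out = []
    old_left = new_left = 0  # body lines still owed to the current hunk
    for line in patch_text.splitlines(keepends=True):
        if old_left > 0 or new_left > 0:
            # Inside a hunk: content is copied untouched, even when a removed
            # "-- x" line or an added "++ x" line looks like a file header.
            tag = line[:1]
            if tag in (" ", "\n"):      # context (possibly whitespace-stripped)
                old_left -= 1
                new_left -= 1
            elif tag == "-":
                old_left -= 1
            elif tag == "+":
                new_left -= 1
            # "\ No newline at end of file" counts for neither side.
            out.append(line)
            continue
        m = HUNK.match(line)
        if m:
            old_left = int(m.group(1) or 1)
            new_left = int(m.group(2) or 1)
        elif line.startswith("--- ") and not line.startswith("--- /dev/null"):
            line = "--- a/" + line[4:]
        elif line.startswith("+++ ") and not line.startswith("+++ /dev/null"):
            line = "+++ b/" + line[4:]
        out.append(line)
    return "".join(out)

# Constructed sample in svn-style -p0 form; not the real CVE-2017-15105 patch.
SAMPLE_P0 = """\
Index: src/example.c
===================================================================
--- src/example.c\t(revision 1)
+++ src/example.c\t(working copy)
@@ -1,3 +1,3 @@
 keep
--- looks like a header
+++ also looks like one
 tail
"""

if __name__ == "__main__":
    print(p0_to_p1(SAMPLE_P0), end="")
```
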
[Bug 1773720] Re: CVE-2017-15105

2018-05-28 Thread Steve Beattie
** Changed in: unbound (Ubuntu)
   Status: New => In Progress

** Changed in: unbound (Ubuntu)
 Assignee: (unassigned) => Steve Beattie (sbeattie)

[Bug 1773720] Re: CVE-2017-15105

2018-05-27 Thread Ubuntu Foundations Team Bug Bot
The attachment "bionic-lp1773720.debdiff" seems to be a debdiff.  The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff.  If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of ~ubuntu-sponsors, unsubscribe
the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

[Bug 1773720] Re: CVE-2017-15105

2018-05-27 Thread Simon Déziel
I've attached debdiffs for Xenial to Bionic. Please let me know if
something needs a rework.

For Cosmic, all that's needed is a sync from Debian. Merge-o-matic
didn't do it due to the Ubuntu delta but fortunately this delta was
adopted by Debian with Unbound 1.7.1-1. Should I open a new LP to ask
for that "force" sync?

[Bug 1773720] Re: CVE-2017-15105

2018-05-27 Thread Simon Déziel
** Patch added: "artful-lp1773720.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720/+attachment/5145371/+files/artful-lp1773720.debdiff

[Bug 1773720] Re: CVE-2017-15105

2018-05-27 Thread Simon Déziel
** Patch added: "xenial-lp1773720.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720/+attachment/5145372/+files/xenial-lp1773720.debdiff

[Bug 1773720] Re: CVE-2017-15105

2018-05-27 Thread Simon Déziel
** Information type changed from Public to Public Security

** Patch added: "bionic-lp1773720.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720/+attachment/5145370/+files/bionic-lp1773720.debdiff
