Bug#868952: marked as done (bind9: regression introduced in DSA-3904-1 can cause problems with zone transfers from some non-BIND servers)
Your message dated Sat, 05 Aug 2017 19:49:40 + with message-id and subject line Bug#868952: fixed in bind9 1:9.9.5.dfsg-9+deb8u13 has caused the Debian Bug report #868952, regarding bind9: regression introduced in DSA-3904-1 can cause problems with zone transfers from some non-BIND servers to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868952 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: bind9 Version: 1:9.10.3.dfsg.P4-12.4 Severity: serious Tags: upstream fixed-upstream Justification: regression relative to DSA-3904-1 Control: affects -1 security.debian.org,release.debian.org Control: found -1 1:9.9.5.dfsg-9+deb8u12 Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u1 Hi DSA-3904-1 (and the respective DLA) introduced a regression as described in: https://lists.isc.org/pipermail/bind-announce/2017-July/001054.html "Problems may occur when transferring from another server if TSIG is used *and* the AXFR or IXFR is more than two messages in length *and* the master server does not sign every message. NSD is an example of a popular DNS product that behaves in this manner [note: NSD's behavior is in compliance with the requirements of the RFC; it is BIND that has introduced a problem here.]" Commit in master: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=58f0fb325bbd9258d06431281eb8fdea2b126305 Commit cherry-picked to v9_9_10_P3 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6fcdcabc11f18eb128167f7f7eca4a244bf75c52 Regards, Salvatore --- End Message --- --- Begin Message --- Source: bind9 Source-Version: 1:9.9.5.dfsg-9+deb8u13 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 868...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 23 Jul 2017 15:15:58 +0200 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb Architecture: source all amd64 Version: 1:9.9.5.dfsg-9+deb8u13 Distribution: jessie-security Urgency: high Maintainer: LaMont Jones Changed-By: Yves-Alexis Perez Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-90 - BIND9 Shared Library used by BIND libdns-export100 - Exported DNS Shared Library libdns-export100-udeb - Exported DNS library for debian-installer (udeb) libdns100 - DNS Shared Library used by BIND libirs-export91 - Exported IRS Shared Library libirs-export91-udeb - Exported IRS library for debian-installer (udeb) libisc-export95 - Exported ISC Shared Library libisc-export95-udeb - Exported ISC library for debian-installer (udeb) libisc95 - ISC Shared Library used by BIND libisccc90 - Command Channel Library used by BIND libisccfg-export90 - Exported ISC CFG Shared Library libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg90 - Config File Handling Library used by BIND liblwres90 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 868952 Changes: bind9 (1:9.9.5.dfsg-9+deb8u13) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patch to fix regression introduced by patch for CVE-2017-3042. closes: #868952 Checksums-Sha1: 536a263bf811f76c67c92465ad3adfaf02ffa37b 3120 bind9_9.9
Bug#868952: marked as done (bind9: regression introduced in DSA-3904-1 can cause problems with zone transfers from some non-BIND servers)
Your message dated Sun, 23 Jul 2017 06:18:51 + with message-id and subject line Bug#868952: fixed in bind9 1:9.10.3.dfsg.P4-12.5 has caused the Debian Bug report #868952, regarding bind9: regression introduced in DSA-3904-1 can cause problems with zone transfers from some non-BIND servers to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868952 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: bind9 Version: 1:9.10.3.dfsg.P4-12.4 Severity: serious Tags: upstream fixed-upstream Justification: regression relative to DSA-3904-1 Control: affects -1 security.debian.org,release.debian.org Control: found -1 1:9.9.5.dfsg-9+deb8u12 Control: found -1 1:9.10.3.dfsg.P4-12.3+deb9u1 Hi DSA-3904-1 (and the respective DLA) introduced a regression as described in: https://lists.isc.org/pipermail/bind-announce/2017-July/001054.html "Problems may occur when transferring from another server if TSIG is used *and* the AXFR or IXFR is more than two messages in length *and* the master server does not sign every message. NSD is an example of a popular DNS product that behaves in this manner [note: NSD's behavior is in compliance with the requirements of the RFC; it is BIND that has introduced a problem here.]" Commit in master: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=58f0fb325bbd9258d06431281eb8fdea2b126305 Commit cherry-picked to v9_9_10_P3 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6fcdcabc11f18eb128167f7f7eca4a244bf75c52 Regards, Salvatore --- End Message --- --- Begin Message --- Source: bind9 Source-Version: 1:9.10.3.dfsg.P4-12.5 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 868...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 21 Jul 2017 22:28:32 +0200 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export162 libdns-export162-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb Architecture: source Version: 1:9.10.3.dfsg.P4-12.5 Distribution: unstable Urgency: medium Maintainer: LaMont Jones Changed-By: Salvatore Bonaccorso Closes: 868952 Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-140 - BIND9 Shared Library used by BIND libdns-export162 - Exported DNS Shared Library libdns-export162-udeb - Exported DNS library for debian-installer (udeb) libdns162 - DNS Shared Library used by BIND libirs-export141 - Exported IRS Shared Library libirs-export141-udeb - Exported IRS library for debian-installer (udeb) libirs141 - DNS Shared Library used by BIND libisc-export160 - Exported ISC Shared Library libisc-export160-udeb - Exported ISC library for debian-installer (udeb) libisc160 - ISC Shared Library used by BIND libisccc-export140 - Command Channel Library used by BIND libisccc-export140-udeb - Command Channel Library used by BIND (udeb) libisccc140 - Command Channel Library used by BIND libisccfg-export140 - Exported ISC CFG Shared Library libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg140 - Config File Handling Library used by BIND liblwres141 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Changes: bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium . * Non-maintainer upload. * Change
