[Freeipa] [Bug 2040359] Re: Merge bind9 from Debian unstable for noble
> Note that bind-dyndb-ldap does not support 9.19 yet

Good to know, thanks. We are sticking to 9.18.x for now, as that's upstream's current LTS branch.

-- 
You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2040359

Title:
  Merge bind9 from Debian unstable for noble

Status in bind-dyndb-ldap package in Ubuntu:
  In Progress
Status in bind9 package in Ubuntu:
  In Progress

Bug description:
  Upstream: 9.18.19
  Debian:   1:9.19.17-1
  Ubuntu:   1:9.18.18-0ubuntu2

  Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

  If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

  ### New Debian Changes ###

  bind9 (1:9.19.17-1) unstable; urgency=medium

    * New upstream version 9.19.17
      - CVE-2023-3341: A stack exhaustion flaw in control channel code may
        cause named to terminate unexpectedly (Closes: #1052416)
      - CVE-2023-4236: named may terminate unexpectedly under high
        DNS-over-TLS query load (Closes: #1052417)

   -- Ondřej Surý  Wed, 20 Sep 2023 18:13:07 +0200

  bind9 (1:9.19.16-1) experimental; urgency=medium

    * New upstream version 9.19.16

   -- Ondřej Surý  Wed, 16 Aug 2023 17:54:24 +0200

  bind9 (1:9.19.15-1) experimental; urgency=medium

    * New upstream version 9.19.15

   -- Ondřej Surý  Wed, 19 Jul 2023 14:16:46 +0200

  bind9 (1:9.19.14-1) experimental; urgency=medium

    * New upstream version 9.19.14

   -- Ondřej Surý  Wed, 21 Jun 2023 21:00:01 +0200

  bind9 (1:9.19.13-1) experimental; urgency=medium

    * New upstream version 9.19.13

   -- Ondřej Surý  Wed, 17 May 2023 17:50:48 +0200

  bind9 (1:9.19.12-2) experimental; urgency=medium

    * Add liburcu-dev to Build-Depends

   -- Ondřej Surý  Thu, 20 Apr 2023 14:24:06 +0200

  bind9 (1:9.19.12-1) experimental; urgency=medium

    * New upstream version 9.19.12

   -- Ondřej Surý  Wed, 19 Apr 2023 15:01:59 +0200

  bind9 (1:9.19.11-1) experimental; urgency=medium

    * New upstream version 9.19.11
    * Update the d/bind9-dev.install, d/bind9.install and d/not-installed
      after library squash

   -- Ondřej Surý  Wed, 15 Mar 2023 18:27:20 +0100

  bind9 (1:9.19.10-1) experimental; urgency=medium

    * New upstream version 9.19.10
    * Drop libtool-bin from B-D (Closes: #1022968)

   -- Ondřej Surý  Fri, 10 Feb 2023 15:16:29 +0100

  bind9 (1:9.19.9-2) experimental; urgency=medium

    * Allow the named to use systemd notify service

   -- Ondřej Surý  Thu, 26 Jan 2023 21:18:35 +0100

  bind9 (1:9.19.9-1) experimental; urgency=medium

    * New upstream version 9.19.9

   -- Ondřej Surý  Wed, 25 Jan 2023 16:04:03 +0100

  bind9 (1:9.19.8-1) experimental; urgency=medium

    * New upstream version 9.19.8

   -- Ondřej Surý  Wed, 21 Dec 2022 18:02:17 +0100

  bind9 (1:9.19.7-1) experimental; urgency=medium

    * New upstream version 9.19.7

   -- Ondřej Surý  Wed, 16 Nov 2022 14:05:15 +0100

  bind9 (1:9.19.6-2) experimental; urgency=medium

    * Use systemd notify for service readyness check (Closes: #994696)

   -- Bernhard Schmidt  Sun, 30 Oct 2022 00:14:05 +0200

  bind9 (1:9.19.6-1) experimental; urgency=medium

    * New upstream version 9.19.6

   -- Ondřej Surý  Wed, 19 Oct 2022 15:06:31 +0200

  bind9 (1:9.19.5-1) experimental; urgency=medium

    * New upstream version 9.19.5

  ### Old Ubuntu Delta ###

  bind9 (1:9.18.18-0ubuntu2) mantic; urgency=medium

    * SECURITY UPDATE: DoS via recusive packet parsing
      - debian/patches/CVE-2023-3341.patch: add a max depth check to
        lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
      - CVE-2023-3341
    * SECURITY UPDATE: Dos via DNS-over-TLS queries
      - debian/patches/CVE-2023-4236.patch: check return code in
        lib/isc/netmgr/tlsdns.c.
      - CVE-2023-4236

   -- Marc Deslauriers  Wed, 20 Sep 2023 12:45:21 -0400

  bind9 (1:9.18.18-0ubuntu1) mantic; urgency=medium

    * New upstream release 9.18.18 (LP: #2034367)
      - Updates:
        + Mark a primary server as temporarily unreachable when a TCP
          connection response to an SOA query times out, matching behavior
          of a refused TCP connection.
        + Mark dialup and heartbeat-interval options as deprecated.
        + Retry DNS queries without an EDNS COOKIE when the first response
          is FORMERR with the EDNS COOKIE that was sent originally.
        + Use NS records for the relaxed QNAME minimization mode to reduce
          the number of queries from named.
      - Bug Fixes:
        + Fix assertion failure from processing already-queued queries
          while server is being reconfigured or cache is being flushed.
        + Fix failure to load zones containing resource records with
[Freeipa] [Bug 2040359] Re: Merge bind9 from Debian unstable for noble
Note that bind-dyndb-ldap does not support 9.19 yet

https://pagure.io/bind-dyndb-ldap/issue/222

but since 9.19 should become 9.20 in March, maybe upstream will fix it in time for noble release. But in the meantime b-d-l would have to be removed from noble until that happens.