[ubuntu/xenial-proposed] bind9 1:9.10.3.dfsg.P4-1 (Accepted)

[LaMont Jones]

bind9 (1:9.10.3.dfsg.P4-1) experimental; urgency=medium

  [ ISC ]
  * New upstream: 9.10.3-P3
    - Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
    - render_ecs errors were mishandled when printing out a OPT record
      resulting in a assertion failure.  (CVE-2015-8705) [RT #41397]
    - Fixed a regression in resolver.c:possibly_mark() which caused
      known-bogus servers to be queried anyway. [RT #41321]
  * New upstream: 9.10.3-P4
    - Malformed control messages can trigger assertions in named and rndc.
      (CVE-2016-1285) [RT #41666]
    - Fix resolver assertion failure due to improper DNAME handling when
      parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
    - Duplicate EDNS COOKIE options in a response could trigger an
      assertion failure. (CVE-2016-2088) [RT #41809]

  [LaMont Jones]

  * Do not build -export libs for libbind90 and liblwres.  Relates in part
    to, and is the last fix to LP: #1551351
  * update patches for 9.10.3.dfsg.P4.  Drop 50_CVE_2015-8704.diff

  [ Stefan Bader ]

  * Do not modify signal handlers for external apps. LP: #1556175

Date: Thu, 17 Mar 2016 14:53:36 -0600
Changed-By: LaMont Jones <lam...@debian.org>
https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Mar 2016 14:53:36 -0600
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 
libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils 
lwresd libbind-export-dev libdns-export162 libdns-export162-udeb 
libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 
libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 
libirs-export141-udeb
Architecture: source
Version: 1:9.10.3.dfsg.P4-1
Distribution: xenial
Urgency: medium
Maintainer: LaMont Jones <lam...@debian.org>
Changed-By: LaMont Jones <lam...@debian.org>
Description:
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-140 - BIND9 Shared Library used by BIND
 libdns-export162 - Exported DNS Shared Library
 libdns-export162-udeb - Exported DNS library for debian-installer (udeb)
 libdns162  - DNS Shared Library used by BIND
 libirs-export141 - Exported IRS Shared Library
 libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
 libirs141  - DNS Shared Library used by BIND
 libisc-export160 - Exported ISC Shared Library
 libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
 libisc160  - ISC Shared Library used by BIND
 libisccc-export140 - Command Channel Library used by BIND
 libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
 libisccc140 - Command Channel Library used by BIND
 libisccfg-export140 - Exported ISC CFG Shared Library
 libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg140 - Config File Handling Library used by BIND
 liblwres141 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Changes:
 bind9 (1:9.10.3.dfsg.P4-1) experimental; urgency=medium
 .
   [ ISC ]
   * New upstream: 9.10.3-P3
     - Specific APL data could trigger a INSIST.  (CVE-2015-8704) [RT #41396]
     - render_ecs errors were mishandled when printing out a OPT record
       resulting in a assertion failure.  (CVE-2015-8705) [RT #41397]
     - Fixed a regression in resolver.c:possibly_mark() which caused
       known-bogus servers to be queried anyway. [RT #41321]
   * New upstream: 9.10.3-P4
     - Malformed control messages can trigger assertions in named and rndc.
       (CVE-2016-1285) [RT #41666]
     - Fix resolver assertion failure due to improper DNAME handling when
       parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
     - Duplicate EDNS COOKIE options in a response could trigger an
       assertion failure. (CVE-2016-2088) [RT #41809]
 .
   [LaMont Jones]
 .
   * Do not build -export libs for libbind90 and liblwres.  Relates in part
     to, and is the last fix to LP: #1551351
   * update patches for 9.10.3.dfsg.P4.  Drop 50_CVE_2015-8704.diff
 .
   [ Stefan Bader ]
 .
   * Do not modify signal handlers for external apps. LP: #1556175
Checksums-Sha1:
 361d84ba92889e4c1037ed3909aaa854bbffaf6e 3699 bind9_9.10.3.dfsg.P4-1.dsc
 36d20fd54a67b1fbcb65277887bf150070207210 8641072 
bind9_9.10.3.dfsg.P4.orig.tar.gz
 beb6adfe8a5e3356ffd679f43850500ac87cf4d9 64080 
bind9_9.10.3.dfsg.P4-1.debian.tar.xz
Checksums-Sha256:
 99ef223d5b9168c86b33c26e74e1d4d698c664e5bce53e051e3fea90d54fa9f4 3699 
bind9_9.10.3.dfsg.P4-1.dsc
 895077c868d06eea39c1526624f2278a3b51a3358b5aa50f48a0f1c16a7ab6e6 8641072 
bind9_9.10.3.dfsg.P4.orig.tar.gz
 136db01be75a2c2eb6c61451c804bc48fe32d471ce59b4582f5366d66f3e26dc 64080 
bind9_9.10.3.dfsg.P4-1.debian.tar.xz
Files:
 871c335360465eca92ce5123a118a06b 3699 net optional bind9_9.10.3.dfsg.P4-1.dsc
 909aa9f0c48b7c2d0d604ea78d9fc607 8641072 net optional 
bind9_9.10.3.dfsg.P4.orig.tar.gz
 21710521a75495d20ce172009dd9083f 64080 net optional 
bind9_9.10.3.dfsg.P4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVusgK9VHlGMnADo/AQhGfA/+KbfZ2b7WeeDbOYlbiTI/R3l4/vT2L0J4
u80ztv4kNZWc8Xv2bUuTqBTDrYNJUh+BEUPIlnZ2MFujCosDE8/Is417k7YsKs+u
2ivGNXWV680epOC0A5dopAc4UDAZ/Clnhj0FS4x34Cl1Hh626Z3NWTa5t+aYpCHf
PpZHlZvFe8FQb6dmucHFOoo5m9jOQoK27uS+HW4R/cBWqNmAjOH6oR3su344w9Az
oMUlT9DaWlcl88tqMCCGtFH8M6K2zPhaKhvX/dF8hMIY2UCvnaqwL95wXwWoWf+Y
3Nx/FvpfdBueLnH/dPvDTkYS6p5zhpNsKoxEptGI4FW/D3ZnpcoyZRqePfizOA4n
ofdtfvY9x6CmmHKL2pjWtyHKFP8fcCkbV5wjji9VmXFG7TkxSGBZ9zqcj+YBrHBK
kQ0UmylzxP94Sl2Nl42Zpx/cQDT+oT6dAiaFTydIm+YYEepO4hxkkXl5+8wfARLE
rH0jkWMSUgRP5giH2+NFSED6ae6TRABwf3JXYHBADyHosvg299lUlDshOUHOFA0Y
iVqYxhFgf1JUElkpOHLMt1F/hImZDRJmRKXlvjBa4Nqgemoq1kdW+ACzoG8l4bTW
srPt9BcHEXekaqTXg6YG7Rb6ZLkpNvuIh55VbY+oooA4i28aZ3nTiwPiix3OyUDJ
nR5Edez8C/8=
=PEdW
-----END PGP SIGNATURE-----

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes