** Summary changed: - Please merge 1:9.10.3.dfsg.P4-10.1ubuntu6 -> 1:9.10.3.dfsg.P4-12.5 + Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5
** Description changed: - Please sync with debian and merge 1:9.10.3.dfsg.P4-10.1ubuntu6 -> - 1:9.10.3.dfsg.P4-12.3 + bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium + + * Non-maintainer upload. + * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG + signed TCP message sequences where not all the messages contain TSIG + records. These may be used in AXFR and IXFR responses. + (Closes: #868952) + + -- Salvatore Bonaccorso Fri, 21 Jul 2017 22:28:32 +0200 + + bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high + + * Non-maintainer upload. + + [ Yves-Alexis Perez ] + * debian/patches: + - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses + CVE-2017-3142: error in TSIG authentication can permit unauthorized zone + transfers. An attacker may be able to circumvent TSIG authentication of + AXFR and Notify requests. + CVE-2017-3143: error in TSIG authentication can permit unauthorized + dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0) + signature for a dynamic update. + (Closes: #866564) + + -- Salvatore Bonaccorso Sun, 16 Jul 2017 22:13:21 +0200 + + bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high + + * Non-maintainer upload. + * Dns64 with "break-dnssec yes;" can result in a assertion failure + (CVE-2017-3136) (Closes: #860224) + * Some chaining (CNAME or DNAME) responses to upstream queries could trigger + assertion failures (CVE-2017-3137) (Closes: #860225) + * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138) + (Closes: #860226) + + -- Salvatore Bonaccorso Sun, 07 May 2017 15:22:46 +0200 + + bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium + + * Non-maintainer upload. + * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes + hangs and crashes on MIPS. (Closes: #778720) + + -- James Cowgill Tue, 18 Apr 2017 16:42:50 +0100 + + bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium + + * Non-maintainer upload. + * Use /dev/urandom to avoid blocking in the server process. + (closes: #854243) + + -- Bastian Blank Fri, 17 Mar 2017 19:07:16 +0100 + + bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high + + * Merge and accept the non-maintainer upload. + * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540). + * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if + both DNS64 and RPZ are being used (closes: #855520). + + -- Michael Gilbert Sun, 19 Feb 2017 22:39:32 +0000 + + bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium + + * Non-maintainer upload. + * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot. + Patch by Marc Haber (Closes: #820974). + + -- Arturo Borrero Gonzalez Tue, 07 Feb 2017 10:42:00 +0100 + + bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium + + * Fix some lintian warnings. + * Add lsb-base dependency to lwresd (closes: #848519). + * Fix CVE-2016-2775: crash in lwresd due to a long query name + (closes: #831796). + * Fix CVE-2016-2776: maliciously crafted query can cause named to crash + (closes: #839010). + * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause + named to crash (closes: #842858). + * Fix CVE-2016-9131: maliciously crafted response to an ANY query can + cause named to crash (closes: #851065). + * Fix CVE-2016-9147: query with contradictory DNSSEC information can + cause named to crash (closes: #851063). + * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS) + record can cause named to crash (closes: #851062). + * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now + (closes: #828082). + + [ LaMont Jones ] + * Update VCS fields in control. + * -DDIG_SIGCHASE got dropped by the change in hardening. + + [ Stefan Bader ] + * Use the defaults file in systemd. + + -- Michael Gilbert Thu, 19 Jan 2017 04:03:28 +0000 + + bridge-utils 1.5-9ubuntu2 -> 1.5-14 + + * Last Uploader: Ryan Harper (sponsored by Mathieu Trudel-Lapierre) + + Debian changes newer than ubuntu version: + + bridge-utils (1.5-14) unstable; urgency=low + + * Fix a problem with some vlan interfaces not being created. + + -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200 + + bridge-utils (1.5-13) unstable; urgency=low + + * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. + + -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100 + + bridge-utils (1.5-12) unstable; urgency=medium + + * Add vlan support so that old setups using vlans as ports don't + break. + + -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100 + + bridge-utils (1.5-11) unstable; urgency=low + + * Change /etc/default/bridge-utils to enable addition of hotplugged + interfaces. + * Integration with the vlan package is causing problems, we have + removed it and rely on ifupdown implementing it. Closes: #818849. + + -- Santiago Garcia Mantinan Wed, 14 Dec 2016 23:26:05 +0100 + + bridge-utils (1.5-10) unstable; urgency=low + + * Fix wait when bridge is ready. Thanks Alexander. Closes: #779348. + * Added some documentation on the README.Debian file to comment some + config bugs. Closes: #765000, #815927. + * Clarify pre-up commands changing an example on the man page for + bridge-utils-interfaces. Closes: #783956. + + -- Santiago Garcia Mantinan Thu, 10 Nov 2016 22:23:49 +0100 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1701687 Title: Please merge 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1701687/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
