Your message dated Tue, 22 Aug 2017 13:34:35 +0000
with message-id <[email protected]>
and subject line Bug#872854: fixed in dnsdist 1.2.0-1
has caused the Debian Bug report #872854,
regarding dnsdist: CVE-2016-7069 CVE-2017-7557
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
872854: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872854
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dnsdist
Version: 1.1.0-2
Severity: important
Tags: security patch upstream
Hi,
the following vulnerabilities were published for dnsdist, not filling
two bugs individually since 1.1.0 is commont for all affected suites.
CVE-2016-7069[0]:
Crafted backend responses can cause a denial of service
CVE-2017-7557[1]:
Alteration of ACLs via API authentication bypass
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7069
[1] https://security-tracker.debian.org/tracker/CVE-2017-7557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7557
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dnsdist
Source-Version: 1.2.0-1
We believe that the bug you reported is fixed in the latest version of
dnsdist, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hofstaedtler <[email protected]> (supplier of updated dnsdist package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 22 Aug 2017 09:47:47 +0000
Source: dnsdist
Binary: dnsdist
Architecture: source
Version: 1.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian DNS Packaging <[email protected]>
Changed-By: Christian Hofstaedtler <[email protected]>
Description:
dnsdist - DNS loadbalancer
Closes: 872854
Changes:
dnsdist (1.2.0-1) unstable; urgency=medium
.
* New upstream version 1.2.0, fixes CVE-2016-7069, CVE-2017-7557.
(Closes: #872854)
* Install config example
* Remove now-default options to dh
* Force rebuild of dnslabeltext.cc
* Update debian/copyright
* Bump Standards-Version to 4.1.0
Checksums-Sha1:
b355f80d24299ddfd5373a49d533b10b41fa3e7d 2291 dnsdist_1.2.0-1.dsc
c1af8fbf8a4c5a5bbb1c5154974cf640ffa26acb 876104 dnsdist_1.2.0.orig.tar.bz2
ed06b35189497695c2d4681d763886e208371184 525 dnsdist_1.2.0.orig.tar.bz2.asc
5f6777bf620983167f720728a6eca17275b9a1c4 15532 dnsdist_1.2.0-1.debian.tar.xz
df797bd509a16ebcf08fbe0779d090de9b91c4b5 5759 dnsdist_1.2.0-1_source.buildinfo
Checksums-Sha256:
886bce16efd38848e701115a1dfd06be30bf2135bf547fc32a551b3d8e3b5290 2291
dnsdist_1.2.0-1.dsc
9885c9ee8ac7076aede586ea58d4642eb877e7b2d76c902254494e2a5a5faa78 876104
dnsdist_1.2.0.orig.tar.bz2
30fa061947a940bb4c3723f967c921c96e9f95e3babf44fe3abe7896bcc1c9f3 525
dnsdist_1.2.0.orig.tar.bz2.asc
90d70833f3f60054e0c29b2d2138f7d8461a55582ade5637698b014710cd60b6 15532
dnsdist_1.2.0-1.debian.tar.xz
7625d84a809016b346eea31844084f96dcacaddbf484ddcc44d93fedb3799462 5759
dnsdist_1.2.0-1_source.buildinfo
Files:
7dd59e2f2780a24b08aea281860de8a9 2291 net optional dnsdist_1.2.0-1.dsc
4d3752fb995951362ae83f219436f0f8 876104 net optional dnsdist_1.2.0.orig.tar.bz2
16892ad68b7116b73498ffbb74ac1273 525 net optional
dnsdist_1.2.0.orig.tar.bz2.asc
26a9d9bdaa41b1315f0574bca4cf5342 15532 net optional
dnsdist_1.2.0-1.debian.tar.xz
7c851035381afa42a83dd984bc79d185 5759 net optional
dnsdist_1.2.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAlmcL70ACgkQXBPW25MF
LgPkbw//ZJa0XxCoUcBTKjUeW+ilafgn3ZZHWSuM9TDpz74zcjlZXjE2Ktg59dzR
RtWMTCv9ghHO56TYmr5Aj8LTj9rqNrNNpZaTjU062OA2E4n2D71Rw49d4hPCVvVk
vRMj+7LiKa8e4Kfr8QIwEvNubJfZK+1WUMDdmrUUyALAz7rXS7M1uDWnutI2rOx+
lGqRFi0C8yD0AaAlpMjYhM/HtmYynpkwUha13FmHPXFc2G1sk83s6rc6MIRjaym2
g6LpJVAiYz5pXBHcYmNEcigyScKbpG5VWc9EUtZtEPxCEZ6LjgBhENIK+rbPKnAp
VvSCORSWE1CU/4ZmPAB+lSZkZV40di03t3CuQs6a/THt7xciXdWqIDd2cvKEoR+/
K296GjL2IBHvI/3z9tqnBn/xC0RCbCR8gOvHtPXgB1AQYVZ/INVQ0UodEcKNwuIT
OoeSOJtHw9yjUYcGHDzy+hPxzyJJO2SE5pO3clD2cVCth91GSO/bYTD88QTInK8C
SvNqonM6Hn6Z7YQRMk03Xfqb4J0pYj9KbYKcQe85846qWkqbr6akE6RN0674i5rc
xfGs885WtCEsT5BeHBJPPWcwyPcciq86PWKw9UMrf+2S1i1fXMaEUFxO+RG+wt8+
qqrnAqeSIRKO+WA5PEaLh/JKfKAnjT9d+osv8AThhM+akz55348=
=M5zw
-----END PGP SIGNATURE-----
--- End Message ---
