Your message dated Mon, 4 May 2026 21:41:14 +0200
with message-id <[email protected]>
and subject line Re: Bug#1135373: pdns: CVE-2026-33257 CVE-2026-33260 
CVE-2026-33608 CVE-2026-33609 CVE-2026-33610 CVE-2026-33611
has caused the Debian Bug report #1135373,
regarding pdns: CVE-2026-33257 CVE-2026-33260 CVE-2026-33608 CVE-2026-33609 
CVE-2026-33610 CVE-2026-33611
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135373: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135373
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pdns
Version: 5.0.3-1
Severity: serious
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for pdns.

FTR, marking serious and RC because they are fixed already in a DSA
and there is regression to forky otherwise.

CVE-2026-33257[0]:
| An attacker can send a web request that causes unlimited memory
| allocation in the internal web server, leading to a denial of
| service. The internal web server is disabled by default.


CVE-2026-33260[1]:
| An attacker can send a web request that causes unlimited memory
| allocation in the internal web server, leading to a denial of
| service. The internal web server is disabled by default.


CVE-2026-33608[2]:
| An attacker can send a notify request that causes a new secondary
| domain to be added to the bind backend, but causes said backend to
| update its configuration to an invalid one, leading to the backend
| no longer able to run on the next restart, requiring manual
| operation to fix it.


CVE-2026-33609[3]:
| Incomplete escaping of LDAP queries when running with 8bit-dns
| enabled allows users to perform queries of internal domain subtrees.


CVE-2026-33610[4]:
| A rogue primary server may cause file descriptor exhaustion and
| eventually a denial of service, when a PowerDNS secondary server
| forwards a DNS update request to it.


CVE-2026-33611[5]:
| An operator allowed to use the REST API can cause the Authoritative
| server to produce invalid HTTPS or SVCB record data, which can in
| turn cause LMDB database corruption, if using the LMDB backend.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-33257
    https://www.cve.org/CVERecord?id=CVE-2026-33257
[1] https://security-tracker.debian.org/tracker/CVE-2026-33260
    https://www.cve.org/CVERecord?id=CVE-2026-33260
[2] https://security-tracker.debian.org/tracker/CVE-2026-33608
    https://www.cve.org/CVERecord?id=CVE-2026-33608
[3] https://security-tracker.debian.org/tracker/CVE-2026-33609
    https://www.cve.org/CVERecord?id=CVE-2026-33609
[4] https://security-tracker.debian.org/tracker/CVE-2026-33610
    https://www.cve.org/CVERecord?id=CVE-2026-33610
[5] https://security-tracker.debian.org/tracker/CVE-2026-33611
    https://www.cve.org/CVERecord?id=CVE-2026-33611

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pdns
Source-Version: 5.0.4-1

* Salvatore Bonaccorso <[email protected]> [260501 20:35]:
> Source: pdns
> Version: 5.0.3-1
> Severity: serious
> Tags: security upstream
> X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
>
> Hi,
>
> The following vulnerabilities were published for pdns.
>
> FTR, marking serious and RC because they are fixed already in a DSA
> and there is regression to forky otherwise.

Thanks. Apparently my pdns 5.0.4-1 upload didn't make it into the upload queue. It's there now.

Best,
Chris

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Apr 2026 20:14:36 +0200
Source: pdns
Architecture: source
Version: 5.0.4-1
Distribution: unstable
Urgency: medium
Maintainer: pdns packagers <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Changes:
 pdns (5.0.4-1) unstable; urgency=medium
 .
   * New upstream version 5.0.4, fixing security issues:
     CVE-2026-33257, CVE-2026-33260, CVE-2026-33608, CVE-2026-33609,
     CVE-2026-33610, CVE-2026-33611

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
