Your message dated Thu, 30 Jul 2015 00:48:58 +0000 with message-id <e1zkc1q-0000k2...@franck.debian.org> and subject line Bug#793903: fixed in bind9 1:9.9.5.dfsg-11 has caused the Debian Bug report #793903, regarding bind9: CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 793903: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793903 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bind9 Version: 1:9.7.3.dfsg-1 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for bind9. CVE-2015-5477[0]: | An error in handling TKEY queries can cause named to exit with a | REQUIRE assertion failure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5477 [1] https://kb.isc.org/article/AA-01272/0 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bind9 Source-Version: 1:9.9.5.dfsg-11 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilb...@debian.org> (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 29 Jul 2015 23:46:48 +0000 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb Architecture: source all Version: 1:9.9.5.dfsg-11 Distribution: unstable Urgency: high Maintainer: LaMont Jones <lam...@debian.org> Changed-By: Michael Gilbert <mgilb...@debian.org> Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-90 - BIND9 Shared Library used by BIND libdns-export100 - Exported DNS Shared Library libdns-export100-udeb - Exported DNS library for debian-installer (udeb) libdns100 - DNS Shared Library used by BIND libirs-export91 - Exported IRS Shared Library libirs-export91-udeb - Exported IRS library for debian-installer (udeb) libisc-export95 - Exported ISC Shared Library libisc-export95-udeb - Exported ISC library for debian-installer (udeb) libisc95 - ISC Shared Library used by BIND libisccc90 - Command Channel Library used by BIND libisccfg-export90 - Exported ISC CFG Shared Library libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg90 - Config File Handling Library used by BIND liblwres90 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Closes: 793903 Changes: bind9 (1:9.9.5.dfsg-11) unstable; urgency=high . * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit (closes: #793903). Checksums-Sha1: 2219b4351c26989c0652917cf85a8397c0705de3 4117 bind9_9.9.5.dfsg-11.dsc 0c663b6a55cb6c4e239d7dda28dc2cffc36cb8c2 108582 bind9_9.9.5.dfsg-11.diff.gz a92574641d06b927ef09e221fa7b459d224ab222 338920 bind9-doc_9.9.5.dfsg-11_all.deb b2b9f1df2d22836c409665126ff93abb4b8ab9e6 22710 host_9.9.5.dfsg-11_all.deb Checksums-Sha256: 8d7302d6bf42ae3d7ce8b7cecf0381c6145cc8b1e10570d73650e6f75d9f1a9e 4117 bind9_9.9.5.dfsg-11.dsc 2ff6f4572d3c6552bf900857243c65512100da9ad355f9426b0eab26ddced03b 108582 bind9_9.9.5.dfsg-11.diff.gz 87359b9e59153725c43bbe60d175acaddd11259ef632df564a2582a81df8f7bd 338920 bind9-doc_9.9.5.dfsg-11_all.deb 99341797fae6b0bd6bf75d032ccdb8f092dc20eeeaa66d67be582f996f9f2582 22710 host_9.9.5.dfsg-11_all.deb Files: b06c46f8133cd6189ece5874f47623a6 4117 net optional bind9_9.9.5.dfsg-11.dsc dc1dd20c8beb4886940940908ec6c519 108582 net optional bind9_9.9.5.dfsg-11.diff.gz af71aa973bef7a5c96606b6a123212a8 338920 doc optional bind9-doc_9.9.5.dfsg-11_all.deb 85102cc170dfbb465c7fa6dfa0ab5938 22710 net standard host_9.9.5.dfsg-11_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJVuXFOAAoJELjWss0C1vRz9NogALkqtvLf3gghEAXITj66HCF9 s33Fb/lT77oz8R3CAcQg7QK9eNxWygo060NnttLql1sKYH1nMhOzQZDGt+TGzt8O ajU+uty/1Rw3z2lOgE5UDJxy/BjNbp+0dwLw2G4clxKwYvGa5Lg90EheQnvAP/nC /64l/DmbycUxuNxYoUbR381SusyTYwVSNTSDKAlTD82Gn92yAKpIe+sT+ryAQp5n Nl+4aBqzAHnkD0oM7y262VsN7xQ2j+Fos2JlPH+nbCHm4uCkjvpIlEhlw3HwqFym 5Njpa/Z9aWgumfDim15HNizoJ/t5YxohQTzWz/Bwq0W0dP6ugjPpGgK3h1HKxTm+ TWu9IEYjpMRnBeKKyH+gnKanFbHEpXdFle5Zhl6puLUjLi1XKd2pXnhnN6O9DXYR kuF3774aspngisqcgu6iLfWFLj+nG2XVqa2CToz/GbjzlYNSnoGtOKmYYkvGHfvG ob53aYgnAFNzJUYyXWWVeKuPEdCvzdxGoWaVrZPtGi/wnZeqpLR5VnWat6kYthTl kgjeUIds1f5thj94tESO7gUQ3pHww2HjSSOToY6ILBNP9FN+wEPnvN2vYKcFqipX L+hoOot0tHNJYEKb0BP9g6ZJHgMGcz5XhxYYvml4/nehRq6O/OKmKT4t5/Bs5LEL 9li/TDHSm5uLn54vYRv1S8mjNtEgdAwC1ucUweZGEpbnkichmHazhwZl3BJ9u0Qz xamjBhtMpg5Scl+zbMwK/NSnK32LCrEsTj2hXGfQa0ErhShbeusOtTivmnBF9Xxa +rwxq/epOeDOiBKNztY3MAUmTx1zk/Q48sBJH+ff16vdOUUbWrJE0W2061cgNMqc okyUhRVLgeJlV1GvxCf+T7C1h/f8JgQLIyINPM5MnDM3WG6HBCw/Ptf/3lJ7P1qg GtcXX2O0o6SBLvvKIk+j+4OevzCytEAAf8Bhy/E6CnyaCqqrfV+jsa4R16K8RJUo XMVdNt+RYizdxyzEx7f79C3UPtH6LdFGGhbkUxi6i8ptj9CLCugDuXipEzazxcS5 /MyAH7rdOgnvainF0ZkDbaSAZr7SmkpXLX5O6YLn6CvcAZ8bXVUNjPawWOjWIXx+ WsmwOKxuCkWtFY3/ImtVoKxmh15C2Bro9RdFO5HsHgyNn89EDvakLKMpgQSMURvV UTYKUa8WaJywSskHGVq7ah+8tlyzfIgfIVzptM1y3LlDYMui83C7uG8gHi5hpBUJ jB/5HbvwZ1Sp+vjV+1zS19XKbfeJt4GufdraE5CBkwrSKh13ESCEs5csiWBGFfbG IOjogBWLxeRPEbWuR+Ca9nMtpM/b1o9fTe5Ox5Mk9LhtMHxdOx5Ti1P7uN//C70= =AbrP -----END PGP SIGNATURE-----
--- End Message ---
