Your message dated Tue, 09 May 2017 04:48:34 +0000
with message-id <e1d7x4c-000gww...@fasolo.debian.org>
and subject line Bug#860225: fixed in bind9 1:9.10.3.dfsg.P4-12.3
has caused the Debian Bug report #860225,
regarding bind9: CVE-2017-3137: A response packet can cause a resolver to 
terminate when processing an answer containing a CNAME or DNAME
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bind9
Version: 1:9.9.5.dfsg-9
Severity: grave
Tags: patch upstream security fixed-upstream

Hi,

the following vulnerability was published for bind9.

CVE-2017-3137[0]:
|A response packet can cause a resolver to terminate when processing an
|answer containing a CNAME or DNAME

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3137
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137
[1] https://kb.isc.org/article/AA-01466

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

--- End Message ---
--- Begin Message ---
Source: bind9
Source-Version: 1:9.10.3.dfsg.P4-12.3

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 May 2017 15:22:46 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 
libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils 
lwresd libbind-export-dev libdns-export162 libdns-export162-udeb 
libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 
libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 
libirs-export141-udeb
Architecture: all source
Version: 1:9.10.3.dfsg.P4-12.3
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lam...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 860224 860225 860226
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 host       - Transitional package
 libbind-dev - Static Libraries and Headers used by BIND
 libbind-export-dev - Development files for the exported BIND libraries
 libbind9-140 - BIND9 Shared Library used by BIND
 libdns-export162 - Exported DNS Shared Library
 libdns-export162-udeb - Exported DNS library for debian-installer (udeb)
 libdns162  - DNS Shared Library used by BIND
 libirs-export141 - Exported IRS Shared Library
 libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
 libirs141  - DNS Shared Library used by BIND
 libisc-export160 - Exported ISC Shared Library
 libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
 libisc160  - ISC Shared Library used by BIND
 libisccc-export140 - Command Channel Library used by BIND
 libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
 libisccc140 - Command Channel Library used by BIND
 libisccfg-export140 - Exported ISC CFG Shared Library
 libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
 libisccfg140 - Config File Handling Library used by BIND
 liblwres141 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Changes:
 bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Dns64 with "break-dnssec yes;" can result in a assertion failure
     (CVE-2017-3136) (Closes: #860224)
   * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
     assertion failures (CVE-2017-3137) (Closes: #860225)
   * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
     (Closes: #860226)
Checksums-Sha1: 
 c42a613458bb1a31a8dfc902fbdf4cb28134f0bf 3913 bind9_9.10.3.dfsg.P4-12.3.dsc
 292ae99f2860c761f4242e47e555be65a3b0b002 81480 
bind9_9.10.3.dfsg.P4-12.3.debian.tar.xz
 ac70390e89047a73cda40e04dfdfbe982daaa935 377824 
bind9-doc_9.10.3.dfsg.P4-12.3_all.deb
 6839fa4972999805ed716e7c2ce1f1e12a2d7e86 185186 
host_9.10.3.dfsg.P4-12.3_all.deb
Checksums-Sha256: 
 b39ed8bb8cade9b939ee8fd0144097f046db8392c4f3cf1e7ee5c97e6a3f0417 3913 
bind9_9.10.3.dfsg.P4-12.3.dsc
 4dd1a5764ac39275598bf96f45d3d7f92d9c0f11d96bebe7b652ed85ada1e98f 81480 
bind9_9.10.3.dfsg.P4-12.3.debian.tar.xz
 2978dd2869f0d780b8616922d8446993533fcd59565a828961c4b0acb5637763 377824 
bind9-doc_9.10.3.dfsg.P4-12.3_all.deb
 cfe04de2b313771e1dc9ddbb466afbe17378427b49fad1fd94dd6e3500f23c63 185186 
host_9.10.3.dfsg.P4-12.3_all.deb
Files: 
 938c0473b9a3fa2b52cbdf7b264794c7 3913 net optional 
bind9_9.10.3.dfsg.P4-12.3.dsc
 0b8b0bfd27b6247252fc4d2aa55b20c7 81480 net optional 
bind9_9.10.3.dfsg.P4-12.3.debian.tar.xz
 d0d2c67da0ad57da02d5e4c240e1c441 377824 doc optional 
bind9-doc_9.10.3.dfsg.P4-12.3_all.deb
 ac6b79f92b9eceebca43b8d697f9e59e 185186 net standard 
host_9.10.3.dfsg.P4-12.3_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkPMbxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ElZcP/19SYv4n3Lo4WCPCIjSbLN5v1YxUSc45
te6NFRi70CTP5vYAX4W5v2HazHvvpCaAYQUxjbd+RuaARiKsl//iOsHkHHMcl27t
9Gs++KQXJYhqRbDuUcxY7oS0AQ5a1RYGJRJABxJ2fZ2eA/W8IcCX0R3bLrboHvjt
W8M7CnUn83mfl4oIIuUHHUSLJMHOuwfyKVQQ3DRwcemGJBrxvXi0DVxel6rHr9cj
+83xj3gKKAnJ82A7rjbtcPD61Bxc1AXCTanUPHNLUux52oRhVXFHMDFGkj4dhyxR
Y68Sn4aGoEaWshdMmkJqSxFEGSiXx4cfbO/WRag6qEOhTI+KVQIDwfA9iACD8Ej2
Grgtirap+gzbnZ+5DWFN/ieUMbDgsN8mw8D7zO8gnXAKs+ljVD7/OsBY4yD0MZef
eIsbRlMkx/2P2grtTQ9n4bAThju0wqXHyd+yBdNcqBLTz1hhsENB23PP6C9kTBKN
oN6VULdUpW9TRIykhU746dyLQjjs2sHyTioeHSNV53f2YcSp+rKmv7bM0DWSUqVg
38unXRkN8kUJ+8+zGO9Kq7PJYPfiQ+RO0BuZUmSD+d3itAdab41nyxFhu9tMklyf
u9TRl8F0gOH7NYHnq/Digr3Sixzy2nROBwF4TEq+XaKhdGm3yOUobga/+80WKw1c
vmD3pFVRwmr9
=t00v
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to