Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c518c799 by Salvatore Bonaccorso at 2026-06-28T07:16:52+02:00
Track fixed version for pdns-recursor issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1716,37 +1716,37 @@ CVE-2026-40011 (An attacker sending a large number of
crafted DNS queries might
NOTE:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40011-prometheus-denial-of-service-via-crafted-dns-queries
CVE-2026-52690 (Spoofing replies to Recursor might mark an IP of an
authoritative serv ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable
CVE-2026-42387 (A malicious authoritative server can send a crafted zone via
the ZoneT ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache
CVE-2026-42388 (Incomplete validation of the SOA record present in a catalog
zone migh ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones
CVE-2026-42389 (This fix provides extra hardening for the 5.4.x branch by
doing extra ...)
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[trixie] - pdns-recursor <not-affected> (Vulnerable code not present,
only affects 5.4.x)
[bookworm] - pdns-recursor <not-affected> (Vulnerable code not present,
only affects 5.4.x)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code not present,
only affects 5.4.x)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values
CVE-2026-42390 (An invalid zone might pass ZONEMD validation while it should
not. This ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed
CVE-2026-42005 (An attacker can send a web request that causes unlimited
memory alloc ...)
{DSA-6369-1 DSA-6368-1 DSA-6367-1}
- - pdns-recursor 5.3.0-1
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
- pdns 5.1.2-1
@@ -1762,13 +1762,13 @@ CVE-2026-42005 (An attacker can send a web request that
causes unlimited memory
NOTE:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-42005-insufficient-input-validation-of-internal-web-server
CVE-2026-40012 (ECS zero scoped answers are stored in the packet cache while
they shou ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs
CVE-2026-33612 (A malicious authoritative server can send a crafted zone via
the ZoneT ...)
{DSA-6369-1}
- - pdns-recursor <unfixed>
+ - pdns-recursor 5.4.3-1
[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits