Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c518c799 by Salvatore Bonaccorso at 2026-06-28T07:16:52+02:00
Track fixed version for pdns-recursor issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1716,37 +1716,37 @@ CVE-2026-40011 (An attacker sending a large number of 
crafted DNS queries might
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-40011-prometheus-denial-of-service-via-crafted-dns-queries
 CVE-2026-52690 (Spoofing replies to Recursor might mark an IP of an 
authoritative serv ...)
        {DSA-6369-1}
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable
 CVE-2026-42387 (A malicious authoritative server can send a crafted zone via 
the ZoneT ...)
        {DSA-6369-1}
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache
 CVE-2026-42388 (Incomplete validation of the SOA record present in a catalog 
zone migh ...)
        {DSA-6369-1}
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones
 CVE-2026-42389 (This fix provides extra hardening for the 5.4.x branch by 
doing extra  ...)
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [trixie] - pdns-recursor <not-affected> (Vulnerable code not present, 
only affects 5.4.x)
        [bookworm] - pdns-recursor <not-affected> (Vulnerable code not present, 
only affects 5.4.x)
        [bullseye] - pdns-recursor <not-affected> (Vulnerable code not present, 
only affects 5.4.x)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values
 CVE-2026-42390 (An invalid zone might pass ZONEMD validation while it should 
not. This ...)
        {DSA-6369-1}
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed
 CVE-2026-42005 (An attacker can send a web request that causes unlimited 
memory  alloc ...)
        {DSA-6369-1 DSA-6368-1 DSA-6367-1}
-       - pdns-recursor 5.3.0-1
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        - pdns 5.1.2-1
@@ -1762,13 +1762,13 @@ CVE-2026-42005 (An attacker can send a web request that 
causes unlimited memory
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html#cve-2026-42005-insufficient-input-validation-of-internal-web-server
 CVE-2026-40012 (ECS zero scoped answers are stored in the packet cache while 
they shou ...)
        {DSA-6369-1}
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs
 CVE-2026-33612 (A malicious authoritative server can send a crafted zone via 
the ZoneT ...)
        {DSA-6369-1}
-       - pdns-recursor <unfixed>
+       - pdns-recursor 5.4.3-1
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c518c7990d6070262dbca4d0819844e67d3504cb
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to