Your message dated Thu, 20 Feb 2020 06:04:20 +0000 with message-id <e1j4ewe-000biu...@fasolo.debian.org> and subject line Bug#947403: fixed in golang-github-miekg-dns 1.1.26-1 has caused the Debian Bug report #947403, regarding golang-github-miekg-dns: CVE-2019-19794 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 947403: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947403 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: golang-github-miekg-dns Version: 1.0.4+ds-1 Severity: important Tags: security upstream Forwarded: https://github.com/miekg/dns/issues/1043 Hi, The following vulnerability was published for golang-github-miekg-dns. CVE-2019-19794[0]: | The miekg Go DNS package before 1.1.25, as used in CoreDNS before | 1.6.6 and other products, improperly generates random numbers because | math/rand is used. The TXID becomes predictable, leading to response | forgeries. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-19794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19794 [1] https://github.com/miekg/dns/issues/1043 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: golang-github-miekg-dns Source-Version: 1.1.26-1 Done: Dmitry Smirnov <only...@debian.org> We believe that the bug you reported is fixed in the latest version of golang-github-miekg-dns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 947...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dmitry Smirnov <only...@debian.org> (supplier of updated golang-github-miekg-dns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 30 Dec 2019 12:05:08 +1100 Source: golang-github-miekg-dns Architecture: source Version: 1.1.26-1 Distribution: unstable Urgency: medium Maintainer: pkg-go <pkg-go-maintain...@lists.alioth.debian.org> Changed-By: Dmitry Smirnov <only...@debian.org> Closes: 939217 947403 Changes: golang-github-miekg-dns (1.1.26-1) unstable; urgency=medium . [ Alexandre Viau ] * Point Vcs-* urls to salsa.debian.org. . [ MartÃn Ferrari ] * debian/control: Depend on latest x/net. * debian/control: Update golang dependency to 1.10. . [ Dmitry Smirnov ] * New upstream release + fixed CVE-2019-19794 (Closes: #947403) * Build with "go generate" * (Build-)Depends += "golang-golang-x-sync-dev" * Removed transitional package "golang-dns-dev" (Closes: #939217) Thanks, Holger Levsen. * DH to version 12 * Standards-Version: 4.4.1 * Added myself to Uploaders Checksums-Sha1: 9c314d283044b64975434aec4f0e26dbfd6cfd5c 2413 golang-github-miekg-dns_1.1.26-1.dsc 402f1f2af6e40662467187d7aae9b3f31a035f21 143892 golang-github-miekg-dns_1.1.26.orig.tar.xz 47a6447dd6cf800d348734d1841b07838f805e45 5312 golang-github-miekg-dns_1.1.26-1.debian.tar.xz 62eab0c9b0ed93cb58b1f518622c4053dcd1989f 6331 golang-github-miekg-dns_1.1.26-1_amd64.buildinfo Checksums-Sha256: 606f85c178ddbc19c2e65822d6114152999a2c4773d2f798302310c524de84dc 2413 golang-github-miekg-dns_1.1.26-1.dsc 0f62be201f8711ad6e23d61808f779305879e65b489589436dc23b89681f3008 143892 golang-github-miekg-dns_1.1.26.orig.tar.xz 548dcff4100bdbe5864df11a6f0719953fe8997188df128eb7e4f6977c9f4478 5312 golang-github-miekg-dns_1.1.26-1.debian.tar.xz 3213566c0400c0d44290a466aaa70b2531028254f078ba33be5451df27af84c2 6331 golang-github-miekg-dns_1.1.26-1_amd64.buildinfo Files: 8b26c0b0635a4e0c547cdf043d867b67 2413 devel optional golang-github-miekg-dns_1.1.26-1.dsc fa6411bc496254ac4fe672611b2d4022 143892 devel optional golang-github-miekg-dns_1.1.26.orig.tar.xz c110998f5e1d8aef121eb1ba38b7637d 5312 devel optional golang-github-miekg-dns_1.1.26-1.debian.tar.xz bf03d23b4ea6bd251ff5ca0b3874c428 6331 devel optional golang-github-miekg-dns_1.1.26-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEULx8+TnSDCcqawZWUra72VOWjRsFAl5OHu0ACgkQUra72VOW jRvbfw/+N9G5dPQWNoo/LnKCT6ZhYJSlnD46U59GkY2S/9wQvMloO6Vd3oQQyw+s fXA+D5tunz/c3Cdgv8OqGWb4CYgk+zl+8xj4/w+zfBO0fwC4mYjZchVp5PNDdy1W 7Yybio1j3LQVSPIlJzJor59n1x+vHzG1HLG0zwd2I+lH9Q+MZG54Sc1rMIpbiWap 6AGVTjcx5LztBlPa30kajsupIXb0TaLjvYCQ0iCQMW2h4UL2gp68R8418yF+mSmA 0ArxgrcEdswmfb56ALQvO8wKIAAQ+yfqJLY++Uz22YpJY63qsi/TBESjzad+itPz TeN33N6pZDfs4cbt6qKQKOLSdPO+hQx3YK9AdCpShTPPu2DBQ0JeyKxpHS948wS2 WhHm4m05DIEVtPUPxiJ8lZFapdiQsi9owp/zMXZUaJJhGEMACVZ6IMTxvRQgsC1o iSHEMqE3rP8XhiIf+VIvD+pTQfeiO7FxaErQc+Mm9AH/0GOWmHNl4EX4QQOM3P96 QGycTomWsZKzfIvQZBP8P2WHUivC6aB876y+gsdSuL+KaCLSE2Qlocjnn7O0A9P0 AhyopXTz3CcM2gvTWsOy6dYyyDP9P3jz8sqFXoNw7iCXeYWo3kHRzldw+BmYe5SO c+X01oiNsksNMJylYX4nUUzFQPqGOr4UpjZt93p+gyAZ+vSHSPE= =4pD0 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-go-maintainers mailing list Pkg-go-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers
