Your message dated Thu, 20 Feb 2020 06:04:20 +0000
with message-id <e1j4ewe-000biu...@fasolo.debian.org>
and subject line Bug#947403: fixed in golang-github-miekg-dns 1.1.26-1
has caused the Debian Bug report #947403,
regarding golang-github-miekg-dns: CVE-2019-19794
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
947403: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947403
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-github-miekg-dns
Version: 1.0.4+ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/miekg/dns/issues/1043

Hi,

The following vulnerability was published for golang-github-miekg-dns.

CVE-2019-19794[0]:
| The miekg Go DNS package before 1.1.25, as used in CoreDNS before
| 1.6.6 and other products, improperly generates random numbers because
| math/rand is used. The TXID becomes predictable, leading to response
| forgeries.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-19794
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19794
[1] https://github.com/miekg/dns/issues/1043

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: golang-github-miekg-dns
Source-Version: 1.1.26-1
Done: Dmitry Smirnov <only...@debian.org>

We believe that the bug you reported is fixed in the latest version of
golang-github-miekg-dns, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@debian.org> (supplier of updated 
golang-github-miekg-dns package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 30 Dec 2019 12:05:08 +1100
Source: golang-github-miekg-dns
Architecture: source
Version: 1.1.26-1
Distribution: unstable
Urgency: medium
Maintainer: pkg-go <pkg-go-maintain...@lists.alioth.debian.org>
Changed-By: Dmitry Smirnov <only...@debian.org>
Closes: 939217 947403
Changes:
 golang-github-miekg-dns (1.1.26-1) unstable; urgency=medium
 .
   [ Alexandre Viau ]
   * Point Vcs-* urls to salsa.debian.org.
 .
   [ Martín Ferrari ]
   * debian/control: Depend on latest x/net.
   * debian/control: Update golang dependency to 1.10.
 .
   [ Dmitry Smirnov ]
   * New upstream release
     + fixed CVE-2019-19794 (Closes: #947403)
   * Build with "go generate"
   * (Build-)Depends += "golang-golang-x-sync-dev"
   * Removed transitional package "golang-dns-dev" (Closes: #939217)
     Thanks, Holger Levsen.
   * DH to version 12
   * Standards-Version: 4.4.1
   * Added myself to Uploaders
Checksums-Sha1:
 9c314d283044b64975434aec4f0e26dbfd6cfd5c 2413 
golang-github-miekg-dns_1.1.26-1.dsc
 402f1f2af6e40662467187d7aae9b3f31a035f21 143892 
golang-github-miekg-dns_1.1.26.orig.tar.xz
 47a6447dd6cf800d348734d1841b07838f805e45 5312 
golang-github-miekg-dns_1.1.26-1.debian.tar.xz
 62eab0c9b0ed93cb58b1f518622c4053dcd1989f 6331 
golang-github-miekg-dns_1.1.26-1_amd64.buildinfo
Checksums-Sha256:
 606f85c178ddbc19c2e65822d6114152999a2c4773d2f798302310c524de84dc 2413 
golang-github-miekg-dns_1.1.26-1.dsc
 0f62be201f8711ad6e23d61808f779305879e65b489589436dc23b89681f3008 143892 
golang-github-miekg-dns_1.1.26.orig.tar.xz
 548dcff4100bdbe5864df11a6f0719953fe8997188df128eb7e4f6977c9f4478 5312 
golang-github-miekg-dns_1.1.26-1.debian.tar.xz
 3213566c0400c0d44290a466aaa70b2531028254f078ba33be5451df27af84c2 6331 
golang-github-miekg-dns_1.1.26-1_amd64.buildinfo
Files:
 8b26c0b0635a4e0c547cdf043d867b67 2413 devel optional 
golang-github-miekg-dns_1.1.26-1.dsc
 fa6411bc496254ac4fe672611b2d4022 143892 devel optional 
golang-github-miekg-dns_1.1.26.orig.tar.xz
 c110998f5e1d8aef121eb1ba38b7637d 5312 devel optional 
golang-github-miekg-dns_1.1.26-1.debian.tar.xz
 bf03d23b4ea6bd251ff5ca0b3874c428 6331 devel optional 
golang-github-miekg-dns_1.1.26-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEULx8+TnSDCcqawZWUra72VOWjRsFAl5OHu0ACgkQUra72VOW
jRvbfw/+N9G5dPQWNoo/LnKCT6ZhYJSlnD46U59GkY2S/9wQvMloO6Vd3oQQyw+s
fXA+D5tunz/c3Cdgv8OqGWb4CYgk+zl+8xj4/w+zfBO0fwC4mYjZchVp5PNDdy1W
7Yybio1j3LQVSPIlJzJor59n1x+vHzG1HLG0zwd2I+lH9Q+MZG54Sc1rMIpbiWap
6AGVTjcx5LztBlPa30kajsupIXb0TaLjvYCQ0iCQMW2h4UL2gp68R8418yF+mSmA
0ArxgrcEdswmfb56ALQvO8wKIAAQ+yfqJLY++Uz22YpJY63qsi/TBESjzad+itPz
TeN33N6pZDfs4cbt6qKQKOLSdPO+hQx3YK9AdCpShTPPu2DBQ0JeyKxpHS948wS2
WhHm4m05DIEVtPUPxiJ8lZFapdiQsi9owp/zMXZUaJJhGEMACVZ6IMTxvRQgsC1o
iSHEMqE3rP8XhiIf+VIvD+pTQfeiO7FxaErQc+Mm9AH/0GOWmHNl4EX4QQOM3P96
QGycTomWsZKzfIvQZBP8P2WHUivC6aB876y+gsdSuL+KaCLSE2Qlocjnn7O0A9P0
AhyopXTz3CcM2gvTWsOy6dYyyDP9P3jz8sqFXoNw7iCXeYWo3kHRzldw+BmYe5SO
c+X01oiNsksNMJylYX4nUUzFQPqGOr4UpjZt93p+gyAZ+vSHSPE=
=4pD0
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers

Reply via email to