Control: tags -1 +wheezy You should probably contact the Debian LTS team as it affects wheezy that’s maintained by LTS Team.
Ondrej -- Ondřej Surý <ond...@sury.org> > On 3 Feb 2018, at 11:12, Vladislav Kurz <vladislav.k...@webstep.net> wrote: > > Package: bind9 > Version: 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > Severity: grave > Tags: security > Justification: renders package unusable > > Dear Maintainer, > > This is a followup to archived bug #860225. > > Although > https://security-tracker.debian.org/tracker/CVE-2017-3139 states that > debian is not affected by CVE-2017-3139, I observed this behavior on > debian wheezy: > > Feb 3 08:38:07 server named[16906]: validator.c:1858: INSIST(rdataset->type > == ((dns_rdatatype_t)dns_rdatatype_dnskey)) failed, back trace > Feb 3 08:38:07 server named[16906]: #0 0x7f9b66798e19 in ?? > Feb 3 08:38:07 server named[16906]: #1 0x7f9b650d5f3a in ?? > Feb 3 08:38:07 server named[16906]: #2 0x7f9b66094e57 in ?? > Feb 3 08:38:07 server named[16906]: #3 0x7f9b6609b599 in ?? > Feb 3 08:38:07 server named[16906]: #4 0x7f9b650f4dfd in ?? > Feb 3 08:38:07 server named[16906]: #5 0x7f9b64aa8b50 in ?? > Feb 3 08:38:07 server named[16906]: #6 0x7f9b64492fbd in ?? > Feb 3 08:38:07 server named[16906]: exiting (due to assertion failure) > > Ondrej Zary reported this on Sat, 02 Sep 2017 in bug #860225 but it > was closed and archived without answer. May I ask why? > > I had a look in the relevant bug report at redhat, but they do not > provide much details https://bugzilla.redhat.com/show_bug.cgi?id=1447743 > So I'm not 100% sure it is the same bug. > > > *** Please consider answering these questions, where appropriate *** > > * What led up to the situation? > * What exactly did you do (or not do) that was effective (or > ineffective)? > * What was the outcome of this action? > * What outcome did you expect instead? > > *** End of the template - remove these lines *** > > > -- System Information: > Debian Release: 7.11 > APT prefers oldoldstable > APT policy: (500, 'oldoldstable') > Architecture: i386 (i686) > > Kernel: Linux 3.2.0-5-686-pae (SMP w/1 CPU core) > Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2) > Shell: /bin/sh linked to /bin/bash > > Versions of packages bind9 depends on: > ii adduser 3.113+nmu3 > ii bind9utils 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii debconf [debconf-2.0] 1.5.49 > ii libbind9-80 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii libc6 2.13-38+deb7u12 > ii libcap2 1:2.22-1.2 > ii libdns88 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u9 > ii libisc84 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii libisccc80 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii libisccfg82 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii liblwres80 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > ii libssl1.0.0 1.0.1t-1+deb7u3 > ii libxml2 2.8.0+dfsg1-7+wheezy12 > ii lsb-base 4.1+Debian8+deb7u1 > ii net-tools 1.60-24.2 > ii netbase 5.0 > > bind9 recommends no packages. > > Versions of packages bind9 suggests: > pn bind9-doc <none> > ii dnsutils 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 > pn resolvconf <none> > pn ufw <none> > > -- Configuration Files: > /etc/bind/named.conf.local changed: > // > // Do any local configuration here > // > // Consider adding the 1918 zones here, if they are not used in your > // organization > include "/etc/bind/zones.rfc1918"; > > /etc/bind/named.conf.options changed: > options { > directory "/var/cache/bind"; > // If there is a firewall between you and nameservers you want > // to talk to, you may need to fix the firewall to allow multiple > // ports to talk. See http://www.kb.cert.org/vuls/id/800113 > // If your ISP provided one or more IP addresses for stable > // nameservers, you probably want to use them as forwarders. > // Uncomment the following block, and insert the addresses replacing > // the all-0's placeholder. > // forwarders { > // 0.0.0.0; > // }; > auth-nxdomain no; # conform to RFC1035 > listen-on-v6 { none; }; > listen-on { 127.0.0.1; }; > dnssec-enable yes; > dnssec-validation auto; > dnssec-lookaside auto; > }; > > > -- debconf information: > bind9/different-configuration-file: > bind9/run-resolvconf: true > bind9/start-as-user: bind > > _______________________________________________ > pkg-dns-devel mailing list > pkg-dns-de...@lists.alioth.debian.org > https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel