Your message dated Sun, 05 Oct 2008 09:02:11 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#500910: fixed in pdnsd 1.2.6-par-10
has caused the Debian Bug report #500910,
regarding CVE-2008-4194 denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
500910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500910
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pdnsd
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pdnsd.

CVE-2008-4194[0]:
| The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par
| allows remote attackers to cause a denial of service (daemon crash)
| via a long DNS reply with many entries in the answer section, related
| to a "dangling pointer bug."

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4194
    http://security-tracker.debian.net/tracker/CVE-2008-4194

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: pdnsd
Source-Version: 1.2.6-par-10

We believe that the bug you reported is fixed in the latest version of
pdnsd, which is due to be installed in the Debian FTP archive:

pdnsd_1.2.6-par-10.diff.gz
  to pool/main/p/pdnsd/pdnsd_1.2.6-par-10.diff.gz
pdnsd_1.2.6-par-10.dsc
  to pool/main/p/pdnsd/pdnsd_1.2.6-par-10.dsc
pdnsd_1.2.6-par-10_amd64.deb
  to pool/main/p/pdnsd/pdnsd_1.2.6-par-10_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated pdnsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 05 Oct 2008 09:54:52 +0200
Source: pdnsd
Binary: pdnsd
Architecture: source amd64
Version: 1.2.6-par-10
Distribution: unstable
Urgency: high
Maintainer: Pierre Habouzit <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description: 
 pdnsd      - Proxy DNS Server
Closes: 490047 499984 500910
Changes: 
 pdnsd (1.2.6-par-10) unstable; urgency=high
 .
   * Add patches/0005-fix-for-CVE-2008-4194.patch for CVE-2008-4194.
     (Closes: #500910).
   * Document where the two default configurations are in README.Debian
     (Closes: #499984).
   * Update Turkish translation thanks to Mert Dirik (Closes: #490047).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjodDEACgkQvGr7W6HudhwQAwCdFl0BEx191IG8+xcJL6hAoTP8
JXgAn3HTQGr5xF3wDhWoKWapQYCsqRto
=450A
-----END PGP SIGNATURE-----



--- End Message ---
