Your message dated Sat, 25 May 2024 15:34:29 +0000
with message-id <e1satph-00dbov...@fasolo.debian.org>
and subject line Bug#1071750: fixed in dnsdist 1.9.4-1
has caused the Debian Bug report #1071750,
regarding dnsdist: CVE-2024-25581
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1071750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071750
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for dnsdist.

CVE-2024-25581[0]:
| When incoming DNS over HTTPS support is enabled using the nghttp2
| provider, and queries are routed to a tcp-only or DNS over TLS
| backend, an attacker can trigger an assertion failure in DNSdist by
| sending a request for a zone transfer (AXFR or IXFR) over DNS over
| HTTPS, causing the process to stop and thus leading to a Denial of
| Service. DNS over HTTPS is not enabled by default, and backends are
| using plain DNS (Do53) by default.

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html
Patches: https://downloads.powerdns.com/patches/2024-03/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25581
    https://www.cve.org/CVERecord?id=CVE-2024-25581

Please adjust the affected versions in the BTS as needed.

--- End Message ---
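An added example, not part of the bug report or of dnsdist: a Python check that scans DNS over HTTPS GET request logs for the zone transfer queries (AXFR or IXFR) named in the CVE description above. The log layout, the names `first_qtype`, `classify` and `flag_xfr`, and the sample lines are assumptions constructed for illustration.

```python
import base64
import re
import struct
from urllib.parse import parse_qs, urlsplit

XFR_QTYPES = {251: "IXFR", 252: "AXFR"}  # DNS type codes for zone transfers
REQUEST = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+"')  # assumed log layout


def first_qtype(wire: bytes) -> int:
    """Return the QTYPE of the first question in a wire-format DNS message."""
    if len(wire) < 12 or struct.unpack("!H", wire[4:6])[0] < 1:
        raise ValueError("no DNS header or empty question section")
    pos = 12
    while pos < len(wire) and wire[pos] != 0:  # walk the QNAME labels
        if wire[pos] & 0xC0:
            raise ValueError("unexpected label type in question")
        pos += 1 + wire[pos]
    if pos + 5 > len(wire):  # root label + QTYPE + QCLASS must fit
        raise ValueError("truncated question")
    return struct.unpack("!H", wire[pos + 1:pos + 3])[0]


def classify(target: str) -> str:
    """Classify an RFC 8484 GET target as 'AXFR', 'IXFR', 'other' or 'malformed'."""
    values = parse_qs(urlsplit(target).query).get("dns")
    if not values:
        return "malformed"
    try:
        padded = values[0] + "=" * (-len(values[0]) % 4)  # DoH strips padding
        return XFR_QTYPES.get(first_qtype(base64.urlsafe_b64decode(padded)), "other")
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"


def flag_xfr(log_lines):
    """Return (client, qtype name) for each logged DoH GET asking for a zone transfer."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if m and classify(m.group(2)) in XFR_QTYPES.values():
            hits.append((m.group(1), classify(m.group(2))))
    return hits


# Constructed access-log lines (documentation addresses, www.example.com queries).
SAMPLE_LOG = [
    '192.0.2.10 "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/2.0" 200',
    '198.51.100.7 "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAA_AAB HTTP/2.0" 200',
    '198.51.100.7 "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAA-wAB HTTP/2.0" 200',
    '203.0.113.5 "GET /dns-query?dns=AAAB HTTP/2.0" 400',
]
```

RFC 8484 POST requests carry the query in the request body, so they do not show up in request-line logs and need inspection at the frontend instead.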
--- Begin Message ---
Source: dnsdist
Source-Version: 1.9.4-1
Done: Chris Hofstaedtler <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
dnsdist, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <z...@debian.org> (supplier of updated dnsdist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 May 2024 17:12:11 +0200
Source: dnsdist
Architecture: source
Version: 1.9.4-1
Distribution: unstable
Urgency: medium
Maintainer: dnsdist packagers <dnsd...@packages.debian.org>
Changed-By: Chris Hofstaedtler <z...@debian.org>
Closes: 1071750
Changes:
 dnsdist (1.9.4-1) unstable; urgency=medium
 .
   * New upstream version 1.9.4, fixes CVE-2024-25581 (Closes: #1071750)
   * Enable AF_XDP support
   * Stop using (vendored) libh2o
   * Fix systemd version detection when version is 256~rc3

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---