Control: tag -1 confirmed

On Mon, Sep 06, 2021 at 04:21:15PM +0000, Jakub Ružička wrote:
> [ Reason ]
> Fixing bug #991463 (CVE-2021-40083) - potential DoS.
>
> [ Impact ]
> Vulnerability to DoS attack.
>
> [ Tests ]
> I've tested the fix manually by running the deckard (DNS test harness)
> test sets/resolver/val_iter_high.rpl supplied with the upstream fix.
>
> It's not trivial to set up system for deckard so I've used upstream
> Debian bullseye docker image from Knot CI:
>
>     docker run -it --privileged
>     registry.nic.cz/knot/knot-resolver/ci/debian-11:knot-3.0
>
> With current knot-resolver-5.3.1-1 the test failed.
> With suggested knot-resolver-5.3.1-1+deb11u1 the test passed.
>
> [ Risks ]
> This is a simple backport of upstream fix.
>
> Upstream tests run during package build so chances of something
> breaking are small.
>
> [ Checklist ]
> [*] *all* changes are documented in the d/changelog
> [*] I reviewed all changes and I approve them
> [*] attach debdiff against the package in (old)stable
> [*] the issue is verified as fixed in unstable
>
Feel free to go ahead and upload, thank you.

Cheers,
Julien