Bug#599515: marked as done (bind9: CVE-2010-3762)

Wed, 03 Aug 2011 02:06:47 -0700 

Your message dated Wed, 3 Aug 2011 10:57:41 +0200
with message-id <20110803085741.GI2644@localhost>
and subject line Done: Bug#599515: bind9: CVE-2010-3762
has caused the Debian Bug report #599515,
regarding bind9: CVE-2010-3762
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
599515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599515
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: bind9
Severity: grave
Tags: security
Justification: user security hole

Two security issues have been reported in Bind:
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

   * If BIND, acting as a DNSSEC validating server, has two or more
     trust anchors configured in named.conf for the same zone (such as
     example.com) and the response for a record in that zone from the
     authoritative server includes a bad signature, the validating
     server will crash while trying to validate that query.
-> This is CVE-2010-3762

    * A flaw where the wrong ACL was applied was fixed. This flaw
      allowed access to a cache via recursion even though the ACL
      disallowed it.
-> No CVE ID is available so far, but this issue only affects 9.7.2,
so Squeeze/sid is not affected:
https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html

Cheers,
        Moritz

-- System Information:
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---
--- Begin Message --- 
Version: 1:9.7.3.dfsg-1~squeeze2

Closing this bug, as both issues seems to be fixed.

See http://security-tracker.debian.org/tracker/CVE-2010-3762 and
http://security-tracker.debian.org/tracker/DSA-2130-1

bert.

--- End Message ---

Reply via email to