Control: tags 793903 + pending
Hi Mike,
I've prepared an NMU for bind9 (versioned as 1:9.9.5.dfsg-10.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I should
delay it longer or if I should cancel it instead and you handle the
upload yourself.
Regards,
Salvatore
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,11 @@
+bind9 (1:9.9.5.dfsg-10.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2015-5477: A failure to reset a value to NULL in tkey.c could
+ result in an assertion failure. (Closes: #793903)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Wed, 29 Jul 2015 07:56:22 +0200
+
bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
* Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
only in patch2:
unchanged:
--- bind9-9.9.5.dfsg.orig/lib/dns/tkey.c
+++ bind9-9.9.5.dfsg/lib/dns/tkey.c
@@ -650,6 +650,7 @@
* Try the answer section, since that's where Win2000
* puts it.
*/
+ name = NULL;
if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
dns_rdatatype_tkey, 0, &name,
&tkeyset) != ISC_R_SUCCESS) {
